Customers trust you with their data, but what happens if systems fail?
RDS Global, the BMF’s cyber protection partner, offers timely advice.
16 October 2018
Once again data protection – or the lack of it – is making headlines in the media. In the last month alone three major corporations admitted serious data breaches affecting thousands of customers.
The credit card details of 380,000 British Airways customers were stolen from its website and app over a two-week period during August and September. Despite promising to compensate passengers for any losses, BA potentially faces a class-action lawsuit if it is found to have failed to protect their personal data.
Hackers also gained access to the bank accounts and personal details of up to 800 UK ferry workers at Stena Line after they broke into the Scandinavian ferry giant’s systems via fraudulent emails.
Dixons Carphone, meanwhile, advised its customers that some 10 million records containing personal data may have been accessed during 2017 by hackers using sophisticated malware. This breach did not involve financial details, but the personal details stolen could easily lead to fraud.
This is just the tip of a very large iceberg. Every industry, including the builders’ merchant supply chain, is being targeted. No business can afford to ignore the issue of cyber security or the General Data Protection Regulation (GDPR) that recently came into force to govern the way we hold, process, store and manage personal data.
The implications for your business if a similar cyber breach occurred could be monetary fines, penalties and regulatory audits at the very least. If customers’ data is involved, the knock-on effect of their loss of confidence in your brand, leading them to take their custom elsewhere, raises the question of whether your business would be sustainable following such an event.
As the company behind the BMF’s Cyber Audit Plus service, RDS Global can help to protect your business. RDS is a one-stop shop to safeguard your business against various types of cyber-attacks, helping you to implement effective measures in an efficient way.
When considering cyber security, three things are key:
Each cyber security measure should be consistently implemented across the board. For example, if you employ two-factor authentication, make sure that everyone uses it, from employees to administrators and upper management.
Cyber security needs to be approached as a whole. There is no point in creating a highly robust and tightly secured perimeter when your data is inadequately protected from insider threats.
Risk-based approach:
When formulating and implementing your security strategy it is vital to consider actual and potential risks the company faces, then conduct a thorough risk assessment to determine any current security vulnerabilities.
can assist you through the process and help you prepare and implement an action plan to minimise the risk, through the following steps.
Assess your physical data security
Gauge employee awareness
Review and test outsider threat protection
Test your network security
Establish backup procedures
The steps outlined are part of the technical requirements under the General Data Protection Regulation, which in essence locks in data protection and privacy for all individuals, both your employees within the business and your customer base outside.
For further information and advice on gaining appropriate Cyber and GDPR certifications call our IASME assessors on 0330 0538979 or drop an email to firstname.lastname@example.org.
This article appeared in the October 2018 edition of Professional Builders Merchant (PBM)