Are You Protecting Customer Data From Modern Cyber Threats?

Online security breaches are rarely out of the news. In May 2017, 47 NHS Hospitals, Trusts and GP surgeries were crippled, along with hundreds of thousands of computers across 150 countries, thanks to the WannaCrypt ransomware attack.

In April 2017, Wonga, the loss-making payday lender, alerted customers that at least 250,000 accounts had been compromised.

In October 2015, the telecoms company TalkTalk experienced a breach, with 157,000 customer accounts compromised. They were fined £400,000 for the poor security that resulted in the data theft. Sixty-five percent of large UK firms detected a cyber-breach in 2016, with 25% experiencing a breach at least once every month.

Don’t assume your business is safe

Small and medium-sized businesses are just as vulnerable as iconic consumer brands.

Hackers work with automated bots to probe for weaknesses in websites, emails, social networks and software products. Once a weakness is detected, a human cyber-criminal goes to work ‘hacking’ into systems to steal anything of value. Customer data is always worth stealing. It is sold on the dark web, used to create fake identities, commit financial fraud, damage brand reputations and sometimes extort companies in exchange for the safe return of the data.

Customers readily abandon companies that can’t protect their data. Business buyers abandon suppliers. Once that trust is broken, it can be hard to get it back.

At JP Morgan Chase, one neglected server — not fitted with two-factor login authentication — resulted in 83 million consumer and business accounts compromised in 2014. Home addresses, telephone numbers and email addresses were stolen. An FBI investigation was launched, but the source of the attack is still unknown.

JP Morgan Chase can afford to spend $250 million every year on cyber-security, employ whole security teams, work with external cyber-security experts, and yet still make mistakes. Makes you wonder, how safe is your data? Or your customers’ data, for that matter?

What reasonable steps should you take to protect data?

Alongside the immediate dangers of cyber-crime, new European legislation — the General Data Protection Regulation (GDPR) — will come into force in May 2018. The government has warned British businesses that Brexit won’t change the implementation timescale in the UK.

According to the Payment Card Industry Security Standards Council (PCI SSC), British businesses risk incurring £122 billion in penalties for data breaches. Even when this data is entrusted to a third-party — in a cloud-based CRM, for example — the company responsible for that data (in the eyes of the customer) will incur the fine. GDPR fines are set at “€20m or 4% of annual worldwide turnover, whichever is greater — far exceeding the current maximum of £500,000.”

In 2015, British businesses paid £1.4 billion in regulatory fines, which means that if data breaches stayed at 2015 levels, “fines paid to the European regulator could see a near 90-fold increase, from £1.4bn in 2015 to £122bn,” the PCI SSC calculated.

No one, especially company directors with a legal responsibility to protect data, wants to face these kinds of risks. In law, you are expected to make all reasonable efforts to avoid harming others, particularly customers who place a certain amount of trust in your business.

Anyone who buys software, or is involved in purchasing decisions, from marketing directors to CIOs, CTOs and sales directors, needs to know the vendors are capable of keeping your data secure. Too many vendors, especially new software startups, only take basic precautions. Early and growth-stage SaaS companies often ‘pass’ security management to their cloud storage solutions. In other words, they pass the buck along, and some even claim in web and sales copy that security is a top concern. No matter how much faith someone may have in a cloud provider, this is not the answer. It certainly won’t protect companies from fines.

Taking reasonable precautions means knowing, for certain, that your data is secure. ISO certifications — we are ISO 19001 and ISO/IEC 27001 certified — are invaluable confirmations that every effort is made to ensure customer data is safe and protected. We are also on the ICO Data Protection public register. Between ISO certification and a vigilant approach to security, we are confident that every effort is being made to protect the data entrusted to us. So far, we have processed over 16 million sales visits, calls and other activities from our clients over the last few years. Find out more about how we can improve your sales pipeline and protect your data.
