Would you spend £150,000 on a hard drive?
You might think my question is a bit misleading once I’ve outlined the context of the situation, but bear with me. RSA Insurance has found itself slapped with a £150,000 fine from the ICO thanks to a hard drive being stolen, and along with it the private details of 60,000 customers — including 20,000 credit card numbers. Essentially, with an RRP of around £50, that little hard drive has cost the company 3,000 times more than it should have.
The risks are higher than ever
That is a hefty figure to cough up just because someone neglected to implement simple data security measures around the storage of sensitive customer information. With the risks only continuing to grow thanks to increasing insider threats, more sophisticated cyber-attacks and savvier cyber-criminals, you have to question how a company could leave itself open to such a basic error. Risks come in more than one shape and size. As a business, neglecting proper data security not only leaves you exposed to fines, it also jeopardises your corporate reputation, something which takes a lot of time and effort to rebuild.
Don’t hold the data in the first place!
It’s true, £150,000 doesn’t begin to compare with the staggering fines that could be laid at the door of other companies after more spectacular data breaches (think of the predicted £1.9 billion fine that could have been facing Tesco Bank had the EU GDPR already been enforced). But it’s still far too high a price to pay for something that was almost 100% avoidable. After all, if you don’t store the details, especially payment card numbers, there’s nothing to be stolen in the first place!
Learn from other people’s lessons
If nothing else, this new headline-grabbing case of data theft sends a clear message to all other companies, whether insurance providers or otherwise, that it’s time to take data security seriously. Your customers are unlikely to be forgiving when they discover that they have been exposed to fraudulent payment card transactions because, somewhere along the line, someone at their insurer (or bank or electricity provider) left their data lying around for criminals to steal.