2015 didn’t end on such a secure note for some of the UK’s biggest companies, prompting the question: Will the latest series of UK data breaches prompt British companies to take a look at their cyber security practices?
Within one week in October 2015, three major British companies suffered a significant data breach. Kick-starting the data loss proceedings was the telecoms firm TalkTalk, which suffered a major cyber-attack that compromised the data of more than four million of its customers. This occurred after TalkTalk failed to encrypt their data after what emerged to be the third cyber-attack on the company during the year.
Following suit a few days later, retailer Marks & Spencer suspended their website for two hours after customers were able to view other people’s personal details when they logged into their online accounts. After the breach, the retailer stressed that it was not due to being hacked, but down to a technical issue, and that no financial details were compromised.
Last but not least, British Gas. The energy company had to contact 2,200 of its customers to alert them that their email addresses and account passwords had been posted online in an unexplained data leak. They did stress, however, that no payment details, such as bank account or credit card details, had been leaked, and that these were not at risk. After the breach, British Gas said they were confident that the leak was not made from within the company, but was caused by “someone external”.
The reality is that a company is not always in control of whether it becomes the victim of a hack. However, what it is in control of, and where its biggest responsibility lies, is ensuring the safety and security of the data which it is collecting and storing. Many organisations take comfort that they are compliant with standards such as ISO 27001 and PCI DSS, and believe that just being compliant is sufficient protection, but unfortunately it isn’t.
Boldon James Classifier aids both ISO 27001 and PCI DSS to ensure that documents are labelled, classified and controlled, minimising the security risk of both internal and external breaches of data. On Wednesday 24th February, Boldon James and JAW Consulting UK are hosting a webinar, “Employing a Data-centric Security Strategy: Meet Compliance and Protect Critical Business Assets”, where you will learn the key data-centric approaches that will help you realise efficiencies, saving time & cost of compliance with regulations such as PCI DSS, alongside a live Classifier demonstration.
Register for your place on the webinar now to learn how data classification can ensure your organisation doesn’t fall foul of the same breaches as British Gas, TalkTalk and Marks & Spencer, just to name a few.