How to implement a secure defence against hackers

Businesses that have been hacked face an uncertain future, as customer loyalty may dwindle.

According to a recent study from Centrify, 75% of UK consumers would walk away from a business that had been hacked.

Clearly, the onus is on businesses to implement processes that both protect themselves and reassure their customers that adequate measures are being taken to protect confidential customer information.

Companies that put customer data at risk are effectively putting their entire business at risk and it’s something that people simply aren’t willing to tolerate.

The survey found that financial institutions have the best reputation when it comes to dealing with security breaches compared to other sectors.

They top a list of seven industries in terms of how well they handle security issues for their customers, with government/local government and HMRC coming in a respectable second.


Conversely, retailers rank fourth and travel sites fifth in each country, while membership and hospitality businesses are the lowest ranked, which calls into question their priorities when a data breach occurs.

To some degree, most consumers expect to be hacked today, with 73% in the UK admitting that it has become normal or expected for businesses to be hacked.

Despite this, only half feel that businesses are taking enough responsibility for the security of their customers' or members' personal information.

Hackers are constantly on the lookout for ways to infiltrate a business's defences in order to steal data, be it personal information or financial records, which can then be sold on to a third party or used to steal money.

They may be working alone or in wider organised groups. Doing everything possible to secure a business against an attack will reduce the risk and do much to enhance the reputation of a brand.

Taking appropriate action

The tactics employed by these so-called cyber-attackers are highly sophisticated.


Some sectors are, on the whole, better equipped than others to deal with breaches of their systems, but the burden of responsibility for securing customers' personal information lies with each individual business.

So what can businesses do to protect themselves and reassure their customers?

Password hygiene

Usernames and passwords remain the easiest way for hackers to gain access to a business, through the proverbial front door, so it is essential that an organisation constantly educates its customers on the importance of good password practice, and ensures that it remains central to the core security policy.

Multi-factor authentication

Very few cyber security professionals believe that username and password-based security is an adequate form of protection, and many organisations are now turning to multi-factor authentication (MFA) to provide the kind of protection necessary in today's complex IT and security world.

MFA mitigates password risk by requiring additional factors of authentication.


The first factor is typically something the user knows: a username and password, a PIN or security questions. It is followed by a second factor of a different type, such as a one-time code sent to a mobile device. Other factors could include a fingerprint, a retina scan, voice recognition or a smart card. The factors must be of different kinds: a PIN or a security question is the same "something you know" category as the password and does not count as a second factor. Codes delivered by SMS are also the weakest of the common second factors, since they can be intercepted through SIM swapping; an authenticator app or a hardware token is preferable where customers can use one.

Clear internal security policies

Educating staff and having clear internal security policies are as important as the measures in place for customers, along with controlling who has access to which data and granting privileged access only to those who need it to do their job.

IT departments also face the ongoing challenge of securing enterprise data outside the traditional security perimeter of the business.


Tying access to the individual's identity is the way to address this. With mobile device identity and cloud user identity, this technology can use user and device information to determine who may access which application, from which device and from which location.

Keep sensitive data safe

The Payment Card Industry Data Security Standard (PCI DSS) requires that cardholder data be protected with strong cryptography whenever it is transmitted over open, public networks. Point-to-point encryption goes further: the card data is encrypted in the terminal the moment the card is swiped and stays encrypted throughout the transaction, so it is never held in the clear on the merchant's own systems.

Customer communication

Should the worst happen and a business's systems be breached, the business has a legal responsibility to inform affected customers as soon as possible.

Under the EU General Data Protection Regulation (GDPR), a business is required to notify the ICO (Information Commissioner's Office) of a personal data breach no later than 72 hours after becoming aware of it, unless it can demonstrate that the breach is unlikely to result in a risk to the rights and freedoms of individuals.

The reality for most organisations is not if, but when their systems will be breached.

But understanding what the biggest security threats are, and taking appropriate measures to protect against them, will go a long way towards securing a business.

This will send a clear message to customers about the level of importance placed on protecting their data.


Sourced by Bill Mann, senior vice president of products and chief product officer at Centrify


Ben Rossi

Ben was Vitesse Media's editorial director, leading content creation and editorial strategy across all Vitesse products, including its market-leading B2B and consumer magazines, websites, research and...
