IMPROVING CYBERSECURITY MEASURES

12 September 2018

• cyber security
• Cyber Law Liverpool
• data hack
• cyber crime
• cybersecurity basics
• data protection
• GDPR
• general data protection regulation
• personal data
• data breach
• British airways data breach
• cyber law
• Solicitors Merseyside
• ticketmaster data breach
• dixons carphone data breach
• inbenta technologies
• PII
• personal identifiable information

In the past year there have been an array of high-profile data breaches from some of the UK’s biggest organisations including: British Airways, Dixons Carphone, and Ticketmaster UK.

It is alarming that such large established organisations have jeopardised not only their company’s data, but also the personal data of their customers, through their lack of cyber security.

Many cybersecurity experts believe that a data breach can occur due to a simple mistake being made possibly when updating systems or when processing the migration of data. Although there has been a substantial amount of investment placed on cybersecurity, there are still gaps in the basic procedures, which must be addressed.

In the case of Ticketmaster, who were subject to a data breach involving UK customers’ personal data including payment details being obtained by an unknown third party. This was due to a malware issue within a JavaScript code, which infected a chat-bot system produced by Inbenta Technologies. Ticketmaster were actually informed of the data hack by mobile-bank Monzo in April this year. However, it failed to act, resulting in further personal data being obtained.  

The Ticketmaster hack, as well as an array of others should motivate organisations to tighten their cybersecurity procedures by taking the following steps:

• Implement quality training for all staff, not just IT employees, ensuring that the organisation as a whole understands the basics of cybersecurity.
• Checking the security measures of any third parties before working with them. This should include: the vetting and on-boarding process, how the organisations data will be stored and their proof of compliance under GDPR.
• If an organisation is aware of a data hack, then in accordance with GDPR, they should report the breach within 72 hours in order to resolve the matter efficiently.
• In order to be fully prepared for a cyber breach, organisations should try to have an IT forensics team on hand, as well as any Legal or PR support in the event of being hacked.

 It is important to remember that it is not just large organisations that are targeted, small companies are also subjected to breaches, as figures show 42% of small businesses have also been affected by data hacks in the past 12 months. Smaller companies are seen as “soft” targets, as they may lack cybersecurity expertise, and are also an easy gateway in to hacking larger organisations.