Sony, Home Depot, Jamie Oliver and TalkTalk are the latest names to be added to the embarrassingly long list of organisations that have been caught out by inadequate security on their websites. Cyber-attacks are real, and they carry serious implications for your business.
If your business is online, you must act and you must act now!
The cost of an online security breach can be enormous. It will erode customer confidence by damaging both your brand and your reputation. It will impact your profitability by lowering sales volumes and by incurring fines from the industry regulators. In addition, you will need to compensate your customers not only for any losses arising as a direct result of the breach, but also to maintain their goodwill and continued custom.
Big or small, when it comes to the law on data protection size doesn’t matter.
Regardless of its size, every organisation that processes personal information must take reasonable steps to safeguard that information. This will necessitate a pragmatic yet rigorous approach to the areas of consent, privacy and security.
Consent, privacy and security.
- Create a policy that describes the data that is collected by your website.
- Be sure to mention why the data is collected, how it will be used, with whom it will be shared and for how long it will be kept. A copy of your policy document should be accessible to all visitors of your website.
- Ensure that explicit consent is given for every item of personal information that you harvest. Remember that consent is also required to store cookies on the devices of visitors to your website.
- Create a disaster recovery plan that describes how to respond in the event of a data breach or cyber-attack. Should the worst happen, you won’t be caught unprepared.
- Finally, ensure that all sensitive information is transmitted over a secure connection. It should be encrypted both in transit and while at rest (e.g. in your database, Excel spreadsheet, mail merge CSV file, etc.). Encryption will not prevent a security breach, but it does mean that stolen data is unreadable, and therefore useless, to anyone who does not also obtain the keys.
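The last point above, encryption in transit and at rest, is easy to state and easy to get subtly wrong. The following Go program is an added example and not code from the original article: it seals a constructed sample of a mail-merge CSV record with AES-256-GCM (authenticated encryption, so tampering with the stored file is detected rather than silently decrypted to garbage), and shows a minimal TLS configuration for the in-transit side. The key handling is deliberately simple; the key, the sample record and all function names are assumptions made for the demonstration, and in a real deployment the key would live in a key management service or HSM, never in the same place as the data.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/tls"
	"errors"
	"fmt"
	"io"
)

// Constructed sample: one row of a mail-merge CSV holding personal data.
const sampleRecord = "id,name,email\n42,Jane Doe,jane@example.test\n"

// newKey generates a random 256-bit key for AES-256-GCM. For the example it is
// held in memory; in production it belongs in a KMS or HSM, separate from the data.
func newKey() ([]byte, error) {
	key := make([]byte, 32)
	if _, err := io.ReadFull(rand.Reader, key); err != nil {
		return nil, err
	}
	return key, nil
}

// sealRecord encrypts plaintext at rest with AES-256-GCM. The output layout is
// nonce || ciphertext || tag, so the random nonce is stored alongside the data.
func sealRecord(key, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	// Seal appends ciphertext and tag after the nonce we pass as dst.
	return aead.Seal(nonce, nonce, plaintext, nil), nil
}

// openRecord reverses sealRecord. Any modification of nonce, ciphertext or tag
// makes Open fail, so corrupted or tampered data is never returned as plaintext.
func openRecord(key, sealed []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(sealed) < aead.NonceSize() {
		return nil, errors.New("sealed record too short to contain a nonce")
	}
	nonce, ct := sealed[:aead.NonceSize()], sealed[aead.NonceSize():]
	return aead.Open(nil, nonce, ct, nil)
}

// transitConfig is the in-transit half: a TLS configuration that refuses
// anything older than TLS 1.2, which is what "secure connection" should mean today.
func transitConfig() *tls.Config {
	return &tls.Config{MinVersion: tls.VersionTLS12}
}

// demo seals the sample record, checks it round-trips, then flips one byte of the
// stored ciphertext and confirms decryption is rejected. Returns (roundTripOK, tamperDetected, err).
func demo() (bool, bool, error) {
	key, err := newKey()
	if err != nil {
		return false, false, err
	}
	sealed, err := sealRecord(key, []byte(sampleRecord))
	if err != nil {
		return false, false, err
	}
	plain, err := openRecord(key, sealed)
	if err != nil {
		return false, false, err
	}
	roundTrip := bytes.Equal(plain, []byte(sampleRecord))

	tampered := append([]byte(nil), sealed...)
	tampered[len(tampered)-1] ^= 0x01 // corrupt the last byte (part of the GCM tag)
	_, err = openRecord(key, tampered)
	return roundTrip, err != nil, nil
}

func main() {
	ok, detected, err := demo()
	if err != nil {
		fmt.Println("error:", err)
		return
	}
	fmt.Printf("round trip ok: %v, tampering detected: %v, min TLS: %#x\n",
		ok, detected, transitConfig().MinVersion)
}
```

Two design points worth noticing: the nonce is generated fresh for every record and stored with it, because reusing a nonce under the same GCM key breaks both confidentiality and integrity; and decryption with a different key, or of an altered file, fails outright rather than producing plausible-looking output, which is exactly the property that makes a stolen encrypted export useless without the key.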