Latest Data Breach: Why do companies still risk storing customer data?
With yet another high profile data breach hitting the headlines this week, it emphasizes the absolute necessity for organizations to protect customer data...
As it transpires, TalkTalk did not store customer card data. However, over the four days it took them to confirm whether card data was breached or not, the damage to their brand, reputation and share-price could be irreversible. This stresses the fact that card data theft is a very real security issue and one that can destroy businesses.
the mere hint that card data could have been at risk, reduced their share price
by 40%. This has mostly recovered, but the reaction from shareholders and
consumers was immediate and the negative impact on their brand reputation will
no doubt be significant. The fallout will linger well passed the headline news
stage for months to come as they appease fines, legal costs and restore
customer confidence with unplanned resources.
The question is, with so much at stake, why do companies insist on storing customer data on their systems? Do they really need to hold bank details, card details, social security numbers and other confidential information?
The technology is also available right now to keep this type of sensitive information completely out of their organizational environments. But time and again at Eckoh, we come across businesses that would rather take the risk of being hacked, than make the investment to protect their customer's data - "We'll deal with it, if and when it happens!". But with the sophistication and complexity of hacking increasing every day, a data breach could happen sooner than they anticipate; and cost more than they bargained on.
Many of our clients are turning to tokenization solutions to keep personal customer data out of their organizations altogether. As they see it, they just want to get rid of sensitive card data as they don't need it and don't want it. They can still keep transacting as they always have done, but do not need to keep anything that may attract hackers.
This TalkTalk breach has no doubt given merchants in all sectors another wake-up call to reassess their own processes. The reality is that in the next number of years...NO business will hold unencrypted data, but until then the companies that do, are playing Russian roulette.
Imagine getting a burglar alarm fitted to your home. The company does a great…
Can you remember what you were doing a decade ago? A lot can happen in 10 years.