Talk Talk shares took a hit when for the second time in less than a year they have had to admit that they have been subject to a successful cyber attack on their data. The company was unable to say what details had been accessed or whether credit cards details were included. It is a timely warning for any email marketing company due to high levels of personal data.
Estimates vary, but a conservative one puts victims of cyber crime at one in twenty of the adult population. Despite thinking that I was amongst the most aware of online safety, I found I was in this 5% earlier on in this year. Anyone can be a victim, especially, I was told, those who are confident of their security procedures.
Talk Talk’s chief executive, Dido Harding, seemed commendably honest in her replies to questions from the press, but the fact remains that customers must be concerned about the security of their data. Twitter was described, rather ironically, as alive with criticism. And talking of irony, Monday was the start of Get Safe Online Week.
Harding stated that she felt that Talk Talk’s security systems “were as secure as they could be”. The concern for all of us is that this might be true. If a company as big as Talk Talk can’t secure its data, what hope for us?
I recently spoke with members of the Surrey and Sussex Cyber Crime Unit, which was set up around the time of the previous hack into Talk Talk, and is headed by the improbably name Jak Bower. The first question, as always, is whether there is any way to run a competitive email marketing business and still be secure.
The reason Talk Talk was targeted is unknown at the moment but one possible motivation was extortion. Harding has stated that the company had been approached by someone claiming to have hacked their data. One assumes this contact included a demand, probably for money. If your company is somewhat smaller and has less value, these hackers are unlikely to target you. It is the same penalty for being found guilty of the offence regardless of the company size.
You can take steps to increase the security of your data. Educate your staff, particularly those whose responsibility includes working with data. Ensuring your systems are as secure as possible is an obvious necessity, but check also that no one is tempted to take a shortcut.
There have been cases of hackers leaving primed USB memory sticks in car parks of companies they are targeting. Once inserted in a company computer, or a staff member using a laptop at home, a virus is inserted.
Staff must be aware of the danger of clicking on links in emails. Make sure that you have set procedures for such matters and ensure your staff comply.
Do what I did: contact your local cyber crime unit. Such CCUs are being established all over the country and such offences as the Talk Talk hack will ensure that they are properly funded.
There is no comforting sign off, suggesting that you should not worry as such crimes are rare. It is almost certain that you will be victim of a cyber attack.