3 cyber security lessons business owners can take from the Ticketmaster hack
Ticketmaster is the latest big brand to come under fire following a data breach that has led to the loss of 40, 000 customer details. So what lessons can small business owners take from the hack?
The company has blamed the breach on malware which entered its system via a third-party chat-bot vendor, Inbenta Technologies, with customer names, addresses, email addresses, telephone numbers and payment details all transferred to an unknown third party.
So far, so damaging. But to make matters worse, Monzo, the challenger bank, has come out to say that it actually informed Ticketmaster about a potential hack back in April, but the company failed to act. The National Crime Agency and the Information Commissioner’s Office are now investigating, and if they discover that Ticketmaster could have done more to halt the damage, serious repercussions could be on the cards.
Under GDPR rules, fines could be as high as 4% of turnover plus as this breach involves payment details, Ticketmaster could also face fines from the PCIDSS (Payment Card Industry Data Security Standard), which regulates the security of payment information. And that’s before calculating loss of customer trust and reputational damage.
Read more about GDPR and data breaches:
Cyber attacks and data breaches are an unfortunate part of business today and just being hit doesnt necessarily mean you’ve done something wrong. But companies have a responsibility to do their utmost to protect customer data and act as transparently as possible if they do identify an issue.
So, what can other companies learn from Ticketmaster’s response (or lack of) Ben Rose, head of cyber at insurance provider?Digital Risks, offers small business owners three cyber security lessons from the fallout.
Top-down cyber security
Ticketmaster’s apparent failure to respond to Monzo’s initial concerns suggest that cyber security should be a higher priority for staff and leadership. Cyber security can no longer be left to the IT person to deal with; it is an executive level issue and must be treated as such.
The management team must lead by example, while working together to ensure the message is communicated effectively across the whole business. So, if there is a potential issue, staff and management know what to do.
Honesty is the best policy
The new GDPR rules state that companies must disclose a breach within 72 hours of becoming aware of it. Failure to do so won’t just seem like you’ve got something to hide, it could also hinder investigations into the cause of the breach and prevent customers from taking actions that could help safeguard their information.
Speed is of the essence following a cyber-attack, so it’s valuable to have IT forensics, legal and PR support ready to go if you are hit.
Challenging the perception that cyber criminals are more concerned with large firms than smaller enterprises, Martin McTague, policy director at the Federation of Small Businesses (FSB), offers micro company owners a wake up call with some crucial cyber security action points. more»
In today's digital world, youd be hard-pressed to find a business that didnt use the internet for one process or another. As a result, warning about cyber attacks are never too far from the headlines. more»
Whilst most business owners are now well aware of the importance of security, many are unaware that one of the biggest threats comes from their own employees. A surprising number are intentionally leaking company information. more»