Managing the Human Factor When Protecting Customer Data

Tesco Bank was forced to suspend online transactions after it became clear that customer data had been compromised and fraudsters were stealing money from customer accounts. This makes Tesco Bank another name in a long list of enterprise organisations that have suffered data breaches. Customers of brands including Sony, eBay, TalkTalk and Dixons Carphone have all recently suffered a similar fate.

£200bn cost of hacking every year

The damage to a brand’s reputation and its financial position is significant; TalkTalk’s hack cost the business an estimated £60m and caused its share price to drop by 20%. When added together, the cost of all hacking and data breaches globally has been estimated at £200bn per year.

As consumers, we trust big name brands with incredibly sensitive data including our financial details, health records and credit scores. If we feel that the companies behind these brands are not putting in place appropriate levels of security, the trust disappears and we stop transacting with them.

This emotional response has been quantified by recent research from KPMG in the telecoms sector, which shows that 50% of consumers would leave their provider if there was a data breach. But leaving a provider does not automatically mean that it will not continue to hold, or potentially lose, your data.

Protect against the human factor

The theft of data always grabs headlines, but what is often missed is the human factor. It is human action or error that results in data being stolen, unsecured, lost, or held when it is no longer required.

Brands recognise the problem. They must manage the challenge of serving their customers whilst also ensuring that the people interacting with customers, or customer information, understand their duty of care to protect the data.

The first line of defence

The first line of defence against human risk is creating a culture of security. This can be achieved by having robust policies and training on access to data (and where it can be stored), as well as watertight security procedures and effective tools to identify where problems are occurring.

But employees are human and, as such, fallible; compliance and policies can slow down the responsiveness of a business, frustrating employees and customers alike. The result is that occasionally employees may break a policy or two to resolve problems quickly in the interest of customer satisfaction.

This bending of rules goes unseen at the top of most businesses; the CIO or CTO of most top brands will proudly show you their list of policies, controls and secure servers that guarantee their customers’ data is safe and sound. But what happens when we check if their data security claims are true?

10GB unstructured data per employee

Having been invited to work with a number of large organisations to help them assess their data security, our experience is that we find unsecured customer (and corporate) data every single time.

For every employee in an organisation we find 10GB of unstructured data – data that is not correctly classified and therefore probably not stored appropriately.

More concerning than that, of the 10GB of unstructured data per employee, 1% is documents containing passwords, 9% is personal data, 42% is company sensitive data and 46% is duplicate data.

To put that into context, an organisation the size of TalkTalk potentially has 23TB of unstructured and risky data of which 2TB could be personal data!

A simple process to identify risks to your data

It needn’t be this way. At Exonar we have a very elegant solution that can trace, locate and identify customer information that has been stored in multiple locations in an organisation’s IT infrastructure.

Once these breaches are identified, we help the organisation understand where their current controls are deficient, and build new processes using our systems to ensure that all sensitive data is being retained and, also importantly, removed, with the appropriate level of security and access.

So with the cost of hacking and data breaches estimated at £200bn globally, and one in six businesses falling prey to hackers, why make it easy for them to find your highly valuable customer data?

It’s not enough to think your data is secure; make sure you know it’s secure.

Exonar has a unique service that can rapidly discover, understand and act to classify unstructured and potentially high-risk data held on customers’ networks, in email systems and on cloud drives.

To find out more, watch our video demo or visit our website to trial the platform on some of your own data.