Digital security is becoming a bigger and bigger issue for our clients, who are concerned both by the new General Data Protection Regulation (GDPR), coming early in 2018, and by the growing number of breaches in which hackers secure access to millions of email addresses and, sometimes, much more.
GDPR: fines of up to 4% of annual turnover
This is the big, scary thing about GDPR, applicable to more extreme, specific breaches. Even lesser specified infringements will attract fines of up to EUR10 million or 2% of worldwide turnover. Breaches constitute, in the main, any failure to properly protect the data your company holds on other people and businesses. The problem for most companies – and this is no respecter of scale – is that preventing loss of data in the age of the 1TB memory stick is not easy. Worse, as data elimination specialists Greenworld (www.greenworld.eu.com) have pointed out to us, very few organisations are capable either of defining what hard drives they own, or of completely deleting the data from them before disposal (if you want to know what your competitor is up to badly enough, buy their old computers – even if the hard drives have been erased and smashed up, most of the data can still be retrieved if you are willing to pay enough).
Common, cheap software brings its own problems
Just last month, free website provider Weebly confirmed that it was hacked in February, resulting in the theft of 43 million user names and passwords. Weebly only admitted this under pressure, months after being outed by LeakedSource.com, which lists dozens of such hacks here: www.leakedsource.com/main/databaselist/
This highlights a problem with shareware: the more widely a piece of code is used, the more havoc a hacker can wreak. Why write a piece of code which targets the hosting space or user details of one website, when it could target thousands, simultaneously? This creates problems of balancing risk and costs: on the one hand, only state-level military projects warrant the cost of writing everything from scratch. On the other, how much might a serious breach cost your business? It’s important to know this when discussing the scope of any online project.
What we are doing about it for our clients
This summer, we checked and upgraded the security settings on all of our websites. This included changing all usernames and passwords and, for all WordPress sites, implementing the highest levels of security checks and barriers available. We both follow certain security procedures ourselves and ask our clients to follow suit. Please contact us if you would like a copy of these procedures and to know more.