Data security: A critical need for organisations of every size

In today’s digital age, the importance of protecting customer data cannot be overstated. As CEO of the Records and Information Management Practitioners Alliance (RIMPA), I understand the critical need for data security, not only for businesses but also for non-profit organisations. It is imperative to take customer data protection seriously, implement robust safeguards, and be prepared to respond effectively when breaches occur.

However, being lax in managing personal or other records doesn’t always translate to a lack of care. For smaller organisations, especially not-for-profits, training staff on data security can require significant financial investment and time. This can be challenging to source, particularly when employees are already dealing with capacity constraints and limited funds and when data security is considered a non-revenue-generating task.

Taking data security seriously: Lessons from ticketek and ticketmaster

The recent incidents at Ticketmaster and Ticketek serve as stark reminders that no business, no matter the size, is safe from data breaches.

The Ticketmaster breach, associated with ShinyHunters, entailed unauthorised access to a third-party cloud database, initially attributed to Snowflake. Snowflake clarified the breach was due to stolen credentials, not a system vulnerability. These incidents highlight the importance of protecting customer data and managing third-party risks.

Additionally, Ticketek investigated a cyber incident involving customer data on a third-party cloud platform, potentially exposing names, dates of birth, and email addresses. Their delayed and downplayed communication to customers, stating only that these details were compromised, reflects a troubling trend of companies minimising the severity of data breaches.

Ways to protect customer information

All businesses need to stay vigilant and take the management of their records more seriously, especially when it comes to the privacy of their customers. Despite following all protocols, vulnerabilities can still exist. Therefore, it’s essential to have a robust strategy in place.

Here are five key practices to enhance data security:

1. Delete customer information after a certain period: Retain customer data for as long as necessary. Implement policies to regularly delete outdated information.
2. Implement strong access controls: Limit access to sensitive data to only those employees who need it for their job functions. Use multi-factor authentication (MFA) to add an extra layer of security.
3. Encrypt sensitive data: Ensure that data is encrypted both in transit and at rest. This makes intercepted data unreadable to unauthorised users.
4. Regularly update and patch systems: Keep all software and systems up-to-date to protect against known vulnerabilities. Promptly apply security patches.
5. Conduct regular security audits: Perform frequent audits to identify and address potential security gaps before they can be exploited.

Responding to a data breach

How a company responds to a data breach is as crucial as preventing one. The insufficient response from Ticketek highlights the need for better breach management. Here’s how to handle it effectively:

1. Have a strategy in place: Develop a comprehensive breach response plan that includes clear communication protocols, legal considerations, and steps to mitigate damage.
2. Be transparent and prompt: Inform your customers about the breach as soon as possible. Delaying notification can erode trust and leave customers vulnerable.
3. Acknowledge the severity: Avoid downplaying the breach. Acknowledge the potential risks and provide clear, actionable advice on how customers can protect themselves.
4. Provide support: Offer resources such as credit monitoring services, dedicated support lines, and guidance on how to avoid scams.

Off the back of the Ticketmaster and Ticketek data breaches, it’s evident that data breaches and cyberattacks are only going to increase. All companies, no matter their size, have a responsibility to protect their customers’ information with the utmost diligence and to respond transparently and effectively when breaches occur.

By taking these steps, we can better safeguard our customers’ data, maintain their trust, and uphold our commitment to data security. Let’s take action now, before it’s too late.

Anne Cornish, CEO Records and Information Management Practitioners Alliance (RIMPA)

 | Website

Anne is a seasoned professional with over 30 years of experience in the information and records management arena, working with all levels of government and most large private industry sectors. She is the CEO of RIMPA Global, the peak body for records and information management professionals in Australasia and beyond, where she partners with the Board of Directors to implement the strategic objectives that enhance the industry.

• RIMPA Global forum sparks dialogue: Urgent reforms needed in APS records management
• Government's looming record-keeping crisis