WHAT DATA SECURITY MEANS TO BUSINESSES??

image


In this digital era, where technology has been our bestfriend and using computers, smartphones, and other similar devices to go online has made everyday activities easier and efficient. Nowadays, every aspect of people's lives are spent online, or at least, a large part of it for example to communicate with friends, book hotels for holidays, run businesses, find new job, grocery shopping, pay for utilities, you name it. And the systems are used both in business world as well in our everyday lives. As a result of this, we share our personal data that are required to be able to do those online activities.

Regardless of the size, every business that involved in providing products and services (or even both) to their customers. Every business, regardless of their type and size, use and work with different kind of data. The information that consists of employees, services, goods, and even customers’ personal information, are all part of data.


Kontributor:

Utari Siswandari



WHAT IS DATA SECURITY?

clip_image002

Data security means protecting digital data, from any dangerous and unwanted actions of unauthorized users, such as a cybercriminal or a data breach. To make it easier for you to understand you might want to imagine yourself as a kid. And as a kid you usually own a diary book even though you only wrote it for just few weeks. But a diary book is a great listener, you can write anything you want like what bothered you at school, the guy you had crush on, or maybe about your unpleasant friend. And you probably had a lock on your diary to make sure that no one was going to read your deep darkest secrets that might make you embarassed or maybe even got you in trouble if somebody read it secretly. That’s why you lock your diary and perhaps hid it under your bed to make sure no one is going to open it. That lock on your diary? That’s what Data Security is.


WHY DATA SECURITY MUST BE TAKEN SERIOUSLY IN BUSINESS?

In the age where almost everything can be accessed online through laptops, computers, or smartphones, we cannot deny that data security is a “Holy Grail” in this age. An example of how business rely so much on data security; the case of Adrienne Moncrief Hemphill who ran a small make-up business in her home (Bay St. Louis, Mississippi) when a natural disaster hit her. She lost everything during the event of hurricane katrina, and even her catalogues, her website, her inventory of products and her most valuable item, her mailing list. She tried to write down her customers list with one of her employee using only her memory and only able to list 150 out of 500 customers. And when her website finally backed up and running she then got more list of her customers. This case highlight the importance of data security even to small business.

For all corporations, businesses, government programs and even individuals, data protection is fundamental or important to preserving integrity, profits and records. Without data security, people are at risk for identity fraud, theft, and much worse. Digital systems that used in business operates and consists of sensitive and personal data, which is why it is essential in business, the system that is being used to protect data must be secured in the best way.

Even with only buying one product from your business by using their credit card, it means your customers are trusting you to keep their sensitive and confidential information. And of course no businesses ever intentionally leaked their customers’ sensitive and personal informations, but however, even an unintentionally leaked informations of your customers can affect your business and enough to bring catastrophe to your business’ reputation and your money. Leaked data/information and security breach are truly a huge threat to any size of business. When your datas are not safe because of security breach, you put everything on stake and not only you are going to pay for huge amount of money, but it will also affect your reputation. And when your clients don’t feel secure with your flawed system, they can decide to stop cooperate with you and thus affecting your business’ future. It takes years to build business reputation but it only takes few seconds to destroy it.


WHAT IMPACT CAN DATA BREACH GIVES TO BUSINESSES? AND WHO WILL BE AFFECTED BY IT?

clip_image003


Well, there are many online businesses that still leave their virtual “door” open. Which means there are people who are not aware the importance of keeping your data secured. The reason why they still haven’t secured their data is because their online business’ security does not meet with PCI (Payment Card Security) data security standarts. One of the most important things in business is protecting your customers’ sensitive data such as Credit Card number, address, name, and more from being stolen and abused by unauthorized people. And according to NetworkComputing.com it’s been estimated there are 67% of businesses that do not fulfill. That’s why it’s essential for businesses (regardless of their size) to be able to fulfill PCI standarts, because that is one of the most important things you can do to ensure the safety of your customers and the security of your business.

Examples of businesses that lack of data security and caused data breach:

  1. TARGET
    The event took place in 2013. It was one of the massive case of data breach that ever happened because the unfortunate event made their 70 million customers’ credit card and debit card leaked. Apparently the hackers able to gained the access to TARGET’s system through the credentials that was stolen from a heating and air conditioner vendor that previously been contracted by the retailer. If TARGET had been putting appropriate security for their data, especially their customers’ sensitive data, then they wouldn’t had to pay 520 million that was caused by the data breach.

  2. EBAY
    This one took a year after TARGET incident. In 2014, it was reported that there was cyberattack on EBAY, which caused their 145 million users’ personal data being exposed; names, addresses, dates of birth and even their passwords. How did the hackers got inside their system? Well, they were using credentials of 3 corporate employees and that was enough for them to have the complete access to EBAY for 229 days!

  3. FACEBOOK


    image
    The scandal of Facebook that recently broke the internet and being covered in almost every international media gave a huge impact on how users should protect their own personal data. A lot of parties were involved in this scandal, including Cambridge Analytica, a data-mining company, that abused FACEBOOK users’ data in order to help Donald Trump’s campaign during the 2016 presidential campaign.

    So, the data that was taken by Cambridge Analytica was used to create profiles and also target audiences for the sake of political ads to attract more support for Trump during the 2016 presidential campaign.

    Many people has filed a class-action lawsuit against FACEBOOK as they realized that the personal data of approximately 87 million users was being exposed as an effort to help the 2016 presidential campagin. Jordan O’hara, who was also the victim, testify that he use FACEBOOK and INSTAGRAM. And especially around the year 2016, he noticed there were many right-wing propaganda that appeared on his search feed. When in fact, Jordan O’hara has registered himself to democrat and never even look up for any right-wing content.

    The truth is, FACEBOOK had been warned before, but they never improved what they lack of and try to fix their previous mistake. Which maeans FACEBOOK has no effort to properly strengthen their security. 10 days after the news of FACEBOOK’s scandal broke (17th March), FACEBOOK shares has decreased to the amount of 18%. And not only that, FACEBOOK also being bombarded by the #DELETEFACEBOOK movement that apparently got high-profile supports.


WHAT BUSINESSES CAN DO TO PROVIDE PROPER DATA SECURITY

  1. DATA BACKUP
    Every business should always remember to backup their data on regular basis. The company’s data can be backup through physical data storage or cloud server. Backing up your data is very important for any businesses regardless of their size or type, incase if something unwanted happen in the future you can still have the access to your data that you backed up before. Morever, data can easily be lost during data breach and backing up your data is the first step towards data security.

  2. DATA RECOVERY
    Data recovery is the process for the company to regain or reclaiming their data that is not accessible anymore due to the corrupted and damaged storage in physical storage or file system. In almost every case, every business should regularly backup their data so that when their worst case happens it would be easier for them to recover their data. Data recovery plan is one of data security strategy in every business.

  3. VIRUS & SPAM PROTECTION
    Virus or malware program is an evil software that replicates itself into other programs or files in that system. Virus that is undetected can easily infect and damage any important data. Virus and malware can corrupt data, gain access to private data, spreading spams, and leak confidential data.

  4. FULFILL PCI STANDART OF PAYMENT
    The Payment Card Industry Data Security Standard (PCI DSS) points to payment security standards to ensure all sellers safely and securely accept, store, process, and transmit cardholder data (also known as your customers’ credit card information) in a credit card transaction.

    Any merchant that accepts payments card must follow the PCI regulations in order to protect and prevent any data breaches. Payment data covers information such as primary account number (PAN), the cardholder’s name, and the credit card service code and also expiration date. Sellers are also responsible for protecting the sensitive authentication data in the magnetic-stripe data (CAV2, CVC2, CVV2, CID, PINs, PIN blocks, etc).

    image

    The picture above shows where the cardholder’s sensitive data is contained in a payment card. And your business should avoid containing any of those sensitive data in the picture, if you do then you will need to have a good reason for storing it and must also demonstrate that you are capable to protect it.

  5. FIREWALLS
    Firewalls are network security system. Well, firewalls are barrier between internal network (that is being used inside a company), and external netwok (internet). Firewalls can restrict any incoming and outgoing activity in traffic that are considered suspicious. Firewalls can be used to prevent any spreading infection of malware and virus.

  6. TRAIN YOUR STAFF
    Almost two-thirds of data breach cases are caused by human error and many cybercriminals can take advantage of that, which is why training your staff or your employee is the key. The company needs to educate their staff on what they can or cannot use their company computer for, what application that should and should not be downloaded in company computer, what kind of email that should not be opened to prevent any virus and malware, and make them aware with the importance of data security and how to handle it during data breach.


Popular posts

Sistem informasi global dan penerapannya oleh perusahaan multinasional

Analisis sensitivitas

Tepat waktu (just in time)