The Carphone Warehouse Hack - 3 Important Ways You Can Improve Your Website's Security

Michael Burke, the author, has over 10 years of experience working in the Internet sector

Michael Burke

Web & Mobile Expert, Technical Director of Emerald Creative

The news that Carphone Warehouse has been hacked and that 2.4 million customer details have been compromised has come to a shock to a lot of people. Carphone Warehouse (now part of the Dixons Carphone group) are a large, established, multinational company, and because of this consumers would expect them to be on the ball when it comes to the security of their customers' details.

Every professional company that values it's consumer base will make every effort to protect the information that it's been entrusted with. But as we don't know the specific details of the hack at this time, I would like to give Carphone Warehouse the benefit of the doubt. I do believe that they made every effort to protect their customer data, but they may not have been as careful with it as they could have been.

But obviously there are exceptions to the above. Back in 2013, Sony Computer Entertainment Europe were fined £250,000 ($369,100) by the Information Commissioner's Office (ICO) for a serious breach of the Data Protection Act. They were hacked in 2011, and the ICO deemed the hack was totally preventable. In this case, the passwords of it's customers weren't secure. This meant that the perpetrators could easily access customer names, addresses, dates of birth – and even their financial information.

More recently, the adult online “dating” website Ashley Madison was targeted and 37 million of their customers details were stolen. What made this hack even more incredible was that two other websites were also affected. This meant that however the hack was performed, once hackers had access to one of the websites held by Avid Life Media (the owners of Ashley Madison), they had access to all of their websites.

The three hacks I have mentioned have all been against high profile websites and businesses, and these tend to be attractive targets to hackers due to their popularity and the size of the details held. But this doesn't mean hackers will only exclusively attack the websites and systems of large multinational companies. They attack smaller companies too.

A survey conducted for the UK Government by PwC this year found that 96% of UK firms had been hacked. What's more alarming though is that 9.1% had not acted to protect themselves from hacking.

Think of that for a moment. 9.1% of the 4.9 million companies based in the UK have not protected themselves from the actions that have befallen Carphone Warehouse, Sony Computer Entertainment Europe and Ashley Madison. Personally, if I knew a company I did business with was one of the 9.1% I would certainly pass them by when it came to giving them any of my business. And I'm sure that you would be the same.

But as a business owner, you have to ask yourself are you doing enough to secure your websites and online facilities? While you may not be the size of Carphone Warehouse, consumers still give you their information and they do expect you to keep it safe. So what can you do to protect not only your business, but your customer details too? Here are the three key areas you should enact right now.

1) Make sure your website uses SSL encryption during payment processes

SSL (Secure Sockets Layer) is a form of encryption that a website uses when passing personal information from the user to the website. Normally this is visible to the user through HTTPS (Hyper Text Transfer Protocol with SSL) being display in the browser address bar along with a padlock icon. Certificates range in prices, and usually last for 1 or more years before they need to be renewed. When buying an SSL certificate though, make sure you purchase it from a reputable retailer like Comodo.

2) Make sure your software is up to date

When software is written it is usually written to meet security standards at that moment in time and to be protected from known security threats that exist at that time. But as time goes by security issues can appear in once secure systems, so it's important to make sure any software you use for your website or online systems is continually updated. For example, it's been well documented that WordPress websites are targeted more than other platforms due to its popularity, so it's important to make sure you update WordPress if you use it. But if you don't have access to your WordPress website, speak to the people who built your website and ask them to update it. Alternatively, you can get in touch with me at Emerald Creative and we can certainly look in to fixing it for you.

3) Make sure you review your websites error messages

In the past I have felt embarrassed when a client calls or emails me and mentions that they came across an error message on a website of mine. On pure face value it is quite unprofessional for your website to have error messages visible anyway, as it can put across the impression that you simply don't care about presenting yourself to prospective clients. However, dig a little deeper and these simple error messages can be a treasure trove to hackers. Error messages can volunteer all sorts of information, such as what operating system your website is running through to what line of code is broken and in what file. At the very least, go through every single page of your website to make sure no error messages are displayed. If you come across one, then either fix it or contact your web design company and get them to fix it as soon as possible.

These 3 points are the most basic, important items that you should make sure are covered when it comes to your website and online systems. After these are completed, there will be other areas you should look to review. But what these areas are depends on your website, your needs, and what security measures you already have in place.

If you're concerned about your website's security, or you want to see what else can be done to make sure your website is secure, you are more than welcome to contact me and my team at Emerald Creative. We will be more than happy to help you make sure your business doesn't suffer the same fate as Carphone Warehouse, Sony Computer Entertainment Europe, and Ashley Madison.

Posted in Business, Security on 13th August 2015

Most Recent Articles

View More Posts

Sharing Is Caring... And Free!

If you have found this article interesting or useful, please consider sharing it using the buttons above!