Posted 13th August 2015
The news that Carphone Warehouse has been hacked and that 2.4 million customer details have been compromised has come to a shock to a lot of people. Carphone Warehouse (now part of the Dixons Carphone group) are a large, established, multinational company, and because of this consumers would expect them to be on the ball when it comes to the security of their customers' details.
Every professional company that values it's consumer base will make every effort to protect the information that it's been entrusted with. But as we don't know the specific details of the hack at this time, I would like to give Carphone Warehouse the benefit of the doubt. I do believe that they made every effort to protect their customer data, but they may not have been as careful with it as they could have been.
But obviously there are exceptions to the above. Back in 2013, Sony Computer Entertainment Europe were fined £250,000 ($369,100) by the Information Commissioner's Office (ICO) for a serious breach of the Data Protection Act. They were hacked in 2011, and the ICO deemed the hack was totally preventable. In this case, the passwords of it's customers weren't secure. This meant that the perpetrators could easily access customer names, addresses, dates of birth – and even their financial information.
More recently, the adult online “dating” website Ashley Madison was targeted and 37 million of their customers details were stolen. What made this hack even more incredible was that two other websites were also affected. This meant that however the hack was performed, once hackers had access to one of the websites held by Avid Life Media (the owners of Ashley Madison), they had access to all of their websites.
The three hacks I have mentioned have all been against high profile websites and businesses, and these tend to be attractive targets to hackers due to their popularity and the size of the details held. But this doesn't mean hackers will only exclusively attack the websites and systems of large multinational companies. They attack smaller companies too.
A survey conducted for the UK Government by PwC this year found that 96% of UK firms had been hacked. What's more alarming though is that 9.1% had not acted to protect themselves from hacking.
Think of that for a moment. 9.1% of the 4.9 million companies based in the UK have not protected themselves from the actions that have befallen Carphone Warehouse, Sony Computer Entertainment Europe and Ashley Madison. Personally, if I knew a company I did business with was one of the 9.1% I would certainly pass them by when it came to giving them any of my business. And I'm sure that you would be the same.
But as a business owner, you have to ask yourself are you doing enough to secure your websites and online facilities? While you may not be the size of Carphone Warehouse, consumers still give you their information and they do expect you to keep it safe. So what can you do to protect not only your business, but your customer details too? Here are the three key areas you should enact right now.
SSL (Secure Sockets Layer) is a form of encryption that a website uses when passing personal information from the user to the website. Normally this is visible to the user through HTTPS (Hyper Text Transfer Protocol with SSL) being display in the browser address bar along with a padlock icon. Certificates range in prices, and usually last for 1 or more years before they need to be renewed. When buying an SSL certificate though, make sure you purchase it from a reputable retailer like Comodo.
When software is written it is usually written to meet security standards at that moment in time and to be protected from known security threats that exist at that time. But as time goes by security issues can appear in once secure systems, so it's important to make sure any software you use for your website or online systems is continually updated. For example, it's been well documented that WordPress websites are targeted more than other platforms due to its popularity, so it's important to make sure you update WordPress if you use it. But if you don't have access to your WordPress website, speak to the people who built your website and ask them to update it. Alternatively, you can get in touch with me at Emerald Creative and we can certainly look in to fixing it for you.
In the past I have felt embarrassed when a client calls or emails me and mentions that they came across an error message on a website of mine. On pure face value it is quite unprofessional for your website to have error messages visible anyway, as it can put across the impression that you simply don't care about presenting yourself to prospective clients. However, dig a little deeper and these simple error messages can be a treasure trove to hackers. Error messages can volunteer all sorts of information, such as what operating system your website is running through to what line of code is broken and in what file. At the very least, go through every single page of your website to make sure no error messages are displayed. If you come across one, then either fix it or contact your web design company and get them to fix it as soon as possible.
These 3 points are the most basic, important items that you should make sure are covered when it comes to your website and online systems. After these are completed, there will be other areas you should look to review. But what these areas are depends on your website, your needs, and what security measures you already have in place.
If you're concerned about your website's security, or you want to see what else can be done to make sure your website is secure, you are more than welcome to contact me and my team at Emerald Creative. We will be more than happy to help you make sure your business doesn't suffer the same fate as Carphone Warehouse, Sony Computer Entertainment Europe, and Ashley Madison.
On Saturday 16th April 2016, hundreds (if not thousands) of customers who use 123-reg for their website and VPS hosting saw their websites vanish in front of their eyes. Many emails were exchanged to their customer support team, but at the time of writing on 18th April 2016 many customers are still without their websites or servers.
With Google unveiling a brand new logo for themselves, Michael Burke from Emerald Creative talks about what's significant about the change and how you can improve your own company's logo by learning from the big guys.
Testimonials can be the difference between a customer buying your product or walking away, but fabricating them can result in a lot of negative publicity which Iain Duncan-Smith and the DWP are experiencing right now. Michael Burke explains what damage you could do to your business doing this and what you can do to get real, credible testimonials.
If you have a Google Analytics account, then you'll know how annoying those spam referral links are. In this article, Michael Burke goes through the simple process of eliminating those referral links from your analytics data, and how you can purge your old data from those damn spam links!
Unusually we have been blessed with two glaring marketing mistakes from two high profile companies recently. Michael Burke discusses the two advert mistakes, and what your business can do to make sure it avoids making similar mistakes.
The Carphone Warehouse Hack has proved that businesses need to do more to protect their business and their customer data. Find out about the 3 most important steps you can do to protect yourself, your business, and your customers.