With over 2.5 quintillion bytes reportedly created each day, the world of data is simply mind-boggling. Due to the uprise of digitization, the quantity of the information available and created nowadays would be impossible to imagine 10 or even 5 years ago. Although not all of that data will specifically relate to individual people or their personal information, a considerable amount of will be of a sensitive nature.
The recent news that Twitter had suffered a high-level hack just goes to show that no business is immune from the potential effects of a data breach. Whether you run a boutique online retail store or a much larger professional services firm with an internet client portal, taking data security seriously is non-negotiable.
With so much to think about, and businesses already struggling to survive amidst tough market conditions, what can we learn from the Twitter hack and how can we do better in the future?
Table of Contents
Was Twitter hacked?
As reports flooded in on 16 July 2024, it quickly became clear that social media giant Twitter had been hacked. The microblogging site best known for spats between witty brand accounts and an ever scrolling news feed gave way to messages from hackers who posted links to online scams with a potential public readership of at least 350 million people.
Whilst it was bad enough that accounts had been compromised, the targets of the hack generated even more cause for concern given their public status and high follower counts. From former US President Barack Obama and Amazon founder Jeff Bezos to rapper Kanye West and entrepreneur Elon Musk, the accounts that were used to disseminate false information are some of the most popular on the net.
Perhaps most concerning are the reports of how the hackers achieved what they did. Early suggestions indicate that they may have accessed administrator privileges for the site meaning that they could potentially bypass the passwords to any account of their choosing. As the curtains closed on this cyber-attack, Twitter executives and cybersecurity professionals alike are left with the questions of how this happened, and what steps are needed to stop it from happening again.
How does the Data Protection Act affect businesses?
As cited by the World Economic Forum’s cyber lead William Dixon, the greatest casualty of the Twitter hack is the company’s reputation. The public has come to expect the protection of their accounts and the often personal information contained within them. Any compromise of a customer’s space online is likely to be problematic.
Twitter is a US company based out of San Francisco, but that doesn’t mean that UK businesses are any less susceptible to targeted hacking attempts. In fact, the UK and the European Union arguably have a much more robust regulatory system in place for data protection matters, and businesses of all sizes are subject to a significant number of legal requirements relating to their cybersecurity. As part of their implementation of the EU’s General Data Protection Regulation (GDPR), the UK government passed the Data Protection Act 2018 which, amongst other things, legally compels businesses to notify the supervisory authority (in this case the Information Commissioner’s Office or ICO) within a maximum of 72 hours after becoming aware of a personal data breach.
This is a serious obligation amongst a full repertoire of other substantial requirements imposed on UK businesses and data processors. Perhaps more serious, however, are the consequences of failing to protect the personal data of customers. With the threat of fines totaling up to the greater of £17 million or 4% of global turnover, businesses need to take data protection seriously or face failure and closure.
Keeping customers safe online
Taking a proactive approach to online security is a serious business, but for many businesses, it’s difficult to know where to start. From knowing how to respond to a data breach to training staff on how to handle sensitive personal data, becoming compliant with the Data Protection Act 2018 is a complicated necessity.
Despite the need for rigorous planning and watertight policies, there are some small wins that businesses can quite easily implement to protect themselves and their customers. For one thing, many businesses will find it helpful to limit the amount of personal data that they are collecting about their customers. This will reduce the amount of retained data that could fall victim to a hack or a data breach and can be simply done by only collecting personal data when it is strictly necessary to do so, and only retain it for as long as it is commercially useful.
Next up, it’s vital for businesses to recognize the nuances and difficulties associated with doing business abroad. Even if you don’t deal with foreign transactions, if you use a supplier outside of the European Economic Area (EEA) for any business operations you may find yourself falling foul of international transfer regulations. There can never be a bad time to audit your data trail, and making sure that your business is limiting its handling of data could prevent you from suffering the consequences of a breach.
A good example of the above is the use of a merchant services provider for processing online payments. If you partner with a non-EEA provider, customer data could be transferred outside of the UK’s safe data regime and you might find your business on the wrong side of the law as a result. By using an alternative merchant services provider such as UK-based UTP Group, you could rest safe in the knowledge that your business has a secure and reliable eCommerce payment gateway or virtual terminal that not only processes the transactions you need but keeps your business on the data protection straight and narrow – for more information visit www.utpgroup.co.uk.
Taking a stand on data protection
Modern businesses face many challenges, but if the Twitter hack has taught us anything it’s that we cannot afford to be complacent when it comes to data protection. Only by securing our infrastructure and putting the right processes in place can we avoid a data breach and the very significant, expensive consequences that could come with it.
