British Airways suffered the first big breach post-GDPR. What lessons can other businesses learn from their response?
Late last week British Airways reported that they were investigating the theft of around 380,000 payment card details, potentially including CVV numbers.
As far as disclosing the breach goes, BA have done everything right so far: they have made those affected aware and have pledged to remunerate anyone who is financially impacted as a result of the breach.
Jake Moore, ESET Security Specialist, explains why company heads need to be more aware of their cybersecurity and data compliance standing than ever before.
“The introduction of GDPR created a huge shake-up in policy and a rightly timed overview on an out-of-date data management system.
This in turn has made boardroom level employees realise that they are far more accountable for cyber-attacks and data breaches.
Whilst businesses have recreated policies and procedures, crisis management has been a relatively new yet vitally important area to focus on.
As more chief staff realise that it’s a case of when rather than if a breach occurs, it is highly possible that more businesses have a ready-made crisis procedure waiting for a potential strike.
With the ICO threatening huge fines to companies, it is therefore paramount that any business with a breach follows the guidelines in its crisis pack and plays ball.
Long gone are the days where heads of companies think they are invincible and that the problem will go away if they stick their head back in the sand.
The ICO are likely to want to stick the GDPR message to a high-profile company to show its magnitude and therefore companies are ready to show that they are more compliant than ever before.”
Did the BA breach impact you? Let us know on Twitter @ESETUK.