Cyber Aware Customer Service
Unknowingly, innocently, the person giving him access to your systems is probably one of your own people.
We can help reduce the risk.
A German internet service provider faces a €9.6m ($10.6m; £8m) fine after being accused of failing to carry out tough enough customer ID checks. https://www.bbc.com/news/technology-50744333
The Risk
Your Customer Service team opens up 2 main risks to your business:-
- Inadvertently allowing a hacker into the system, resulting in a Ransomware attack which could bring down your order processing/shipping systems etc.
and/or
- An ICO fine due to a data breach or other GDPR/privacy breach.
You and your Board of Directors need to add Cyber-Security to your quarterly meeting agenda, to prioritise finding and addressing the weaknesses in your systems, before someone more sinister does.
Customer requests come from many channels (Email, X (Twitter), Chat). Your staff need to be ready to control and respond to these in a safe way, even when under severe pressure and stress. Each of these touch points carries the risk of an unintentional data breach - such as emailing an attachment to the wrong recipients or clicking on a link which may allow an unauthorised person access into your system.
We reduce these risks by helping you:
- Build a Top-Floor to Shop-Floor privacy-aware customer service culture.
- Run tests to determine if your website and/or network has security flaws which could allow a hacker to steal your data. These tests are carried out via our Swiss technology partner, Boltonshield.
- Monitor your systems on an ongoing basis to highlight unusual access or activity. Most hackers generally spend weeks or months in your systems before launching a Ransomware attack. They know about you, your business and people, your turnover, cashflow, customers and suppliers, so they can pitch the ransom demand at an "acceptable" level.
- Respond and React in the event of a data breach or attack, build a process/checklist to minimise the effects, who you need to tell, how to maintain your reputation.
You MUST be concerned about data breaches from your teams- the Cc rather than Bcc email mistake is a common one.
GDPR has brought "Privacy by Design" to the forefront - not just software but for internal service desk processes also. For example: Using "Cc" rather than Bcc in an email can result in fines : €45k Italian SA fines US company offering diabetes app | European Data Protection Board (europa.eu) and a £780k initial fine to the NHS (reduced after review) - ICO sets out revised approach to public sector enforcement | ICO
How we help
Defensive Services
Defensive Services
Defensive Services
Your IT team probably spends most time "keeping the lights on" and don't have the resources or budget to take an ongoing review of your cyber-security or monitoring suspicious access or system activity.
We can help by advising on :
- Cyber-Awareness training for your front-line staff.
- How to monitor your systems for unusual encounters.
- Tools you can use immediately to reduce the risk of an accidental data breach, such as Tresorit, our Swiss technology partner.
- "State of the Nation" - Penetration testing to find any current weaknesses you aren't aware of - via our Swiss partner Boltonshield.
Reaction Planning
Defensive Services
Defensive Services
- Ongoing monitoring - Setting up a Security Operations Centre is costly and time consuming. Our technology partner Boltonshield can have this up and running for you within a short period of time, giving you 24x7 monitoring of suspicious activity on your systems, devices and users.
- Attack readiness - Ensuring you have a dedicated team, written procedures and checklists in place in the event of an attack or breach.
- Simulation - design and help you to run a mock attack scenario every 6 months to test the processes.
- Prioritise your most critical business processes for review.
- Ensure your system and data backups actually work and allow you to retrieve your data.