As I was waiting to fill up my car this morning I was reading the headlines of all the newspapers lined up against the wall. The Daily Mail’s front page read “Millions of M&S Customers Hit by Email Hack”. It struck me then that our job in IT security PR is now pretty much mainstream. When a customer of M&S becomes a victim of a hack then that hits at the core of our very civilisation! It means none of us are safe anymore; we are all victims now of computer fraud, and every one of us at some time or other is going to have to accept that our details are going to get compromised – whether through a doctor losing his unencrypted laptop or a company like M&S who use a supplier like Epsilon as their permission-based email marketing company. One way or another the hackers are going to get us, unless companies start to take security seriously.
The reputational impact and damage of a breach on a brand like Epsilon is irreversible; other companies like M&S, Lacoste and Marriott Hotels, who were all customers of Epsilon, are also going to be hit by this breach. And all that Epsilon did was issue a one-paragraph press statement about the main data incursion. Doesn’t this just smack of the incompetent and unprofessional way that RSA dealt with their hack only just a couple of weeks ago? And how many millions of pounds has that little breach cost RSA? I know through a friend of mine that they are now maniacally recruiting contractors to go and mop up the damage! But shouldn’t these companies be made accountable for losing their customers’ details?
Either companies batten down the hatches and make sure that their security is as fail-safe as it possibly can be, or they face the consequences of losing their customers. It won’t be long before the general public walk away from companies who can’t prove they have good security measures in place. This goes for those third-party outsourcers who also have our details. We need to demand to know who these third-party outsourcers are that our details are going to, and an assurance that, when our details are being passed on to them, they too can prove they have strong security in place.
Unless, of course, in this mad world in which we live, companies continue to disregard security, a bit like not bothering to invest in a burglar alarm until they have a burglary, and therefore blithely ignore security until they suffer a breach. As a PR agency specialising in IT security you would think that I would be happy if companies ignore security, as I should make more money out of these guys when a story breaks. Not so, because as a consumer and an M&S customer who frequents Marriott Hotels with my Lacoste luggage (actually I can’t afford Lacoste luggage quite yet), I have unknowingly become a victim of this breach. I would therefore far prefer it if companies respected my personal details and invested in the right sort of security to keep my details safe and sound!