Businesses that store sensitive customer information in their data centers need to focus strongly on protecting it if they don’t want to run the risk of serious consequences. As well as a potential loss of business and a severe reputational hit should data such as personal details and financial information be breached, they could also run the risk of fines from the regulatory bodies in the countries where they operate.
For an example of how this can affect even the biggest companies, take a look at Sony, which has been fined £250,000 (€297,000) by the UK’s Information Commissioner’s Office (ICO) for a major breach of local data protection laws.
Millions of details compromised
The fine stems from a severe incident in 2011, which was well publicised at the time. If you remember, hackers targeted the firm’s PlayStation Network databases and were able to retrieve personal information such as names, addresses, passwords and bank details.
Tens of millions of people around the world were affected and the service was offline for several weeks while the issue was investigated.
However, the ICO determined that the issue could have been easily avoided had Sony been following best security practices and paying close attention to its data centres. It noted key software was not up to date, while technical developments at the firm meant passwords were not as secure as they should have been.
David Smith, deputy commissioner and director of data protection at the body, said this was unacceptable for a company of Sony’s size and resources, as its procedures were “simply not good enough”.
He added: “It is a company that trades on its technical expertise and there’s no doubt in my mind that they had access to both the technical knowledge and the resources to keep this information safe.”
Warning to firms
The fine may therefore act as a warning to other companies dealing with sensitive data that they cannot afford to be lax in this area. With a recent report from the EU warning that cyber threats are on the increase, you need to be doing all you can to protect your data centers to minimise your risk and avoid any severe financial consequences, such as those faced by Sony.
The ICO stated that the size of the fine it issued reflects the scale of the breach, which it noted was one of the most serious it has ever investigated. However, the company observed that one bright side was that the breach has raised awareness among both firms and consumers about the risks involved when websites are collecting and storing highly sensitive personal data.
So for your enterprise, the takeaway from the breach and the subsequent penalty should be clear – it’s vitally important that you make the security of your data center a top priority, no matter how big you are. Whether you’re a small firm or a multinational with a multi-million euro budget to put towards security, you should be investing in the best solutions you can afford, as the penalty for not doing so can be huge and, for less-sizeable companies, could even put the entire business at risk.