
Huge BA fine is scary warning

The hefty £183m fine imposed on British Airways for losing half a million customers’ personal data shows Europe’s new data protection law has teeth. And if you don’t take care, it will bite you.


BA is appealing against the fine – which amounts to 1.5 per cent of its annual turnover. But even if the appeal is successful, the fine is still likely to be far higher than those imposed before the General Data Protection Regulation (GDPR) came into force.

Over a two-week period in August and September last year, hackers stole personal data belonging to 380,000 customers. The airline then disclosed a second cyber security incident involving 185,000 people who had made bookings between late April and late July.

Malicious campaign

Both attacks were part of a wider malicious campaign thought to be orchestrated by Magecart – a shady organisation that also attacked Ticketmaster and Newegg.

The UK’s Information Commissioner’s Office (ICO) could have fined BA as much as £500m but, due to BA’s cooperation and its introduction of new security measures, the penalty was lower. However, George Salmon, an analyst at stock market investment giant Hargreaves Lansdown, predicted that the fine would make a “pretty big dent” in the financial performance of BA’s owner IAG.

Another high-profile victim to receive a hefty rap on the knuckles recently was hotel group Marriott Bonvoy. It was fined £99m when a breach of its booking systems led to the exposure of approximately 339 million guest records. In November 2018, the company said an unknown third party had gained unauthorised access to a guest reservation system by exploiting an unpatched vulnerability dating back to 2014.

Gary Jowett, from Computer & Network Consultants in Brighton, said: “Such hefty fines may hurt large businesses but much smaller fines could actually be far worse for small and medium-sized companies that don’t have the financial tools at their disposal to mitigate the consequences. That’s why all businesses have to ensure all aspects of IT security are watertight and take a holistic approach including regular staff refresher training to maintain high standards.”

Cyber Essentials

To help keep standards high, it’s worthwhile attaining Cyber Essentials certification. It reassures customers and business partners that you take data protection seriously and, because the UK government recommends that it is renewed annually, it gives you the annual discipline of checking your cyber defences.

However, for some smaller companies, getting certification can be daunting without outside help.

There are different levels of certification to consider, and you are required to establish a boundary of scope for your organisation’s cyber security. You also need to choose a bona fide accreditation body.

So it’s a good idea to get help from an independent IT consultant who will have broad experience of different companies.

Gary added: “Having strong IT security, which is regularly refreshed, is vital in a world where the threats are constantly changing. It’s as important as maintaining your fleet of vehicles, checking your office’s fire alarms and doing regular fire drills. You can be sure the penalty for compromising customers’ data could be significantly higher than other risks – both in terms of financial penalties and damage to your company’s reputation.”


23rd September 2019 | Tech News
