UK telecoms company Talk Talk have admitted this week to a third data loss / breach of their IT systems in the last couple of years, with this latest breach potentially the most damaging.
Internet criminals have hacked into the company systems, stealing bank details, credit card information and personal details. This horde of information opens up the potential for not only financial loss to Talk Talk customers, but also identity fraud.

At the end of the day, it is Talk Talk responsibility to protect the data their customers entrust them with. This means taking the business cost and productivity savings of IT business systems, and investing that money into increased data security and encryption methods. 

I’ve heard some commenters suggest the issue of cybercrime is a government issue – how can this be. Everyone knows that to protect a house, you should lock windows and doors and install an alarm, hence security is a companies / individuals responsibility, not governments. Commenters and companies that want government intervention are just passing the buck!

It’s not just big companies that are targets

Whilst the incident at Talk Talk is a good media news story due to the number of people affected, along with the profile of the company, every day many smaller companies are targeted, offering potential rewards for poor security systems being breached.

In the last twelve months I’ve visited professional services companies that do not have the Internet Security Firewall device plugged into a power source, companies with no anti-virus, with no data back-up policies or a basic understanding of how a connected world could threaten their business. These same companies however, store a huge amount of sensitive details about their customers, including payment details, legal and medical records and private information.

In my opinion, there are two options to ensure our personal data is protected, firstly, we should ask companies storing our data their policies, and move our business / accounts in the event of a data breach. Secondly, business owners should be held criminally responsible if they do not take responsibility for our personal data.

I’m sure if a jail sentence was attached to a data breach, more time and investment would be spent protecting systems, you never know, maybe that unplugged Firewall I saw might get plugged in!