While the sassy summer sunshine shines,
you should be shielded in the shade for sure.
A ferocious summer heatwave continues to dominate the majority of the UK’s social media posts and entertainment news stories. But despite increased excitement and relaxed engagement online, it’s important to remember that your media-rich content requires its own SPF (security protection factor) to defend against a costly data-breach burn… especially during the holiday months when your workforce is reduced and your resources are limited. It’s imperative that you’re equipped to handle a data breach correctly, swiftly and decisively. So, let’s explore what that could mean for you in the media sector.
Data breach example
What is Timehop?
Timehop kick-started the digital nostalgia category across social media and continues to reinvent reminiscent behaviour online. On Facebook, Timehop shows users their popular historical posts to help rekindle old memories. Unfortunately, Timehop detected an ongoing cyber attack in July this year, discovering that email addresses, names, phone numbers, dates-of-birth and gender information had been stolen.
Timehop security incident statement, updated 11 July 2018
“On July 4, 2018, Timehop experienced a network intrusion that led to a breach of some of your data. We learned of the breach while it was still in progress, and were able to interrupt it, but data was taken. While our investigation into this incident (and the possibility of any earlier ones that may have occurred) continues, we are writing to provide our users and partners with all the relevant information as quickly as possible.”
The total number of breached records was approximately 21 million.
Find an up-to-date timeline of Timehop’s breach activity here, which the company has tracked back to 19 December 2017.
Data breaches in the media sector will inevitably be quite high-profile events as consumers grow ever more empowered with each new ‘like’ and ‘share’. Consumers are also starting to gain a deeper understanding of their online rights and freedoms, as control over user-generated data begins to shift from big corporations to the individuals themselves. That expectation will only become more apparent as our content is increasingly dependent on consumer demand. We must allow for (and facilitate) that shifting control over the content we produce and how it’s measured. We must also expect a data breach in the media sector to drive topical news while it’s happening. Online disinhibition will fuel both users and partners to be quite vocal about the impact of a data breach across their existing networks of friends and colleagues. A data breach during this vulnerable summer period could bring your live service, platform or web-app to a grinding halt.
Data breaches and the GDPR in the media sector
Since it came into force on 25 May 2018, the EU GDPR (General Data Protection Regulation) has led to an increase in complaints and reports of data breaches, according to Ireland’s DPC (Data Protection Commissioner). In the UK, service providers are required to notify the ICO (Information Commissioner’s Office) if a certain type of personal data breach occurs. They must also keep a breach log and notify customers if the breach is likely to adversely affect their privacy.
The GDPR places stricter time pressures on organisations to report a data breach. The ICO must be notified within 72 hours of the organisation becoming aware of the breach, and organisations must address the following:
Addressing the above can be challenging for media owners, particularly during the summer months when staffing levels are low. Doing all of this within 72 hours adds to that challenge – especially as organisations instinctively want to use that critical time to remediate any damage caused by a breach… and avoid a PR horror story.
Preparing for a breach – no organisation is immune
Data can be breached in such a variety of ways that it’s impossible for even the best measures to protect you from 100% of threats. However, how well prepared you are for a breach can be the difference between minor disruption and significant financial and reputational damage. One way to prepare is to keep (and maintain) a 72-hour kit, which is a collection of tools and supplies needed to sustain ‘life’, minimise suffering, maintain dignity and independence, and facilitate appropriate actions in an emergency situation.
IT Governance has developed a series of packages for organisations looking to mitigate the summer slowdown in order to be prepared for the upcoming challenges they face, and the short timeframes they must now adhere to. Identify your organisation’s risk appetite and apply the relevant SPF with our pic’n’mix of proven information security and incident response solutions.
Become #BreachReady this summer and protect yourself with IT Governance.