Data is one of the most valuable assets any firm can hold (possibly the most valuable), and with businesses continually collecting increasing volumes of information the need to protect it is paramount. In order to ensure the security of the data it holds, businesses need to put processes in place, for example defining the scope of user access, since any discrepancies can have expensive results, both financially and in everyday working practices. When GDPR comes into law across Europe on 25th May 2018, the consequences for mishandling customer data will become more far-reaching, and more severe — fines of 4% of annual global turnover or €20 Million (whichever is the greater). Businesses need to be aware of this and ensure data security is their highest priority.
The Scale Of The Problem
“We are in a time where technology innovation drives revolutionary business processes, with cyber security scale dragged along for the ride”.
– Jon Oltsik (The Enterprise Strategy Group)
CSO explains that Cloud, IoT, mobile and digital developments are set to revolutionise cyber security and business operations. The scale of data security weaknesses is enormous. According to the Annual Fraud Indicatorquoted by the UK Cabinet Office, the collective loss to fraud each year for the UK economy is £193 billion, much of which is undetected. The ONS have evidence that data fraud against businesses is increasing. “Action Fraud data shows a 60% increase in businesses reporting computer misuse”. Of course, employers want and need to trust their users but restrictions to access can help to minimise these figures considerably.
The Enterprise Times highlights that “in 2017… there were 4.7 million incidents of fraud and computer misuse”. These figures are astonishing but the capabilities of data protection are already evident in some of the world’s largest firms. RBS, for example, had 37% more attempted fraud cases in 2017 than they did in 2015; prevented 498,000 fraud attempts (44% more than 2015) in the UK and in turn, this stopped £303 million being stolen (14% more than 2015). Data security vulnerabilities are inevitable but data protection is imperative and so each business must acknowledge its threats and put practices in place that minimise risk.
How Can Businesses Take Steps to Improve Data Security?
The need to build a business rapidly, increase profit margins and improve overall value is usually the prime focus of a firm; leaving data security a concern that is often only tackled when there is a breach. A recent Forbesarticle highlights that.
“Criminals generate revenue by attacking businesses and breaching their security — the current ransomware epidemic is an obvious example. Businesses, on the other hand, see almost no immediate financial benefit from security, and because secure systems are time-consuming and expensive to build, they focus on products and features ahead of security. The drive to scale quickly and gather as many users as possible often trumps security concerns”.
One way to tackle data vulnerabilities is for a business to build its frame on an already secure platform. Such foundations are available with security hardening pre-built into the servers, such as those offered by companies such as ServerMania. However, no matter how secure the platform is, the threat of users still remain. Those who access and work with the server and data must be able and incentivised work in a secure way. Forbes explains that “Secure systems and features take more time to build than insecure ones. If a company is in eternal crunch time, churning out one feature after another on short deadlines, they will be impossible to build. Again, it’s up to executives to create a working environment that encourages technical professionals to do their best work.”
Pivigo has also worked to develop data security and enhance the ability for a computer to detect and deter fraudsters, through the Ravelin project. Through gathering historical holistic user data and machine learning, the project served to offer greater protection to online retailers through innovative preparation, modeling and scaling of the available data. “The data science team engineered 40 features from the data to describe each customer and trained several machine learning models using these features to assess feature usefulness and model performance. The most useful features included the time between user registration and card registration, the number of customers using a single card, the mean value of the customer’s orders, their location, and the number of orders they made. The best performing model, correctly identified 80% fraudsters when trained on appropriately weighted data with optimal parameters, with a false positive ratio of two to six times as good as current industry standard rates”.
Unfortunately, there is a multitude of threats to the data held by most companies, both from inside users and external fraudsters. However, the ability to protect this highly valuable asset is available to those businesses that recognise that the patience to build a more secure platform will significantly repay the time and financial investment in the long run.
If you want to know more about how data science can improve your data security, talk to us.