Every day it seems there is a new announcement of yet another major enterprise that has been hacked. From government departments to retailers, from airlines to financial institutions, from hotels to web services providers, no organization is immune from the ever-present threat of cybersecurity attacks. COVID-19 has only served to heighten the risks. With more people working at home and shopping online, the potential for cyber-attacks has increased accordingly. The need for strong and effective protection measures is now more important than ever.
Security matters. It matters because there is every chance that a serious breach could damage or even ultimately bankrupt your business. It matters because it could harm your company’s most precious asset: your customers. And it matters because if you are found guilty of breaking security laws, you could end up being fined millions of dollars: US credit agency Equifax was fined $575m in 2019 for security lapses, and British Airways was also hit with a charge of $230m that same year.
Whilst it is virtually impossible to stop the most determined hacker, the vast majority of attacks can be defeated or avoided by taking a proactive, common-sense, and pragmatic approach to security. And the best way to do that is to comply with the leading cybersecurity standards. Some are industry-specific, some are compulsory, some only apply to certain countries, and some are actually quite hard to achieve — but they all have one vital aim in common: to ensure that you and your customers stay safe.
The Most Important Cybersecurity Standards
Here’s an overview of some of the most important cybersecurity standards across the globe:
GDPR (General Data Protection Regulation) is the EU’s flagship policy on data protection and privacy. It applies to all countries in the EU, to some other European countries, and to organizations outside of the EU that collect data about EU citizens. GDPR came into force in 2018 and is renowned for its rigorous and high standards of consumer protection. The impact of Brexit on data protection in the UK remains unclear, but UK companies doing business in the EU will still need to comply with GDPR regardless.
HIPAA (Health Insurance Portability and Accountability Act) is a US standard for the healthcare industry. Signed into law by President Bill Clinton in 1996, HIPAA includes a range of healthcare guidelines, most importantly with regard to maintaining strict patient confidentiality. HIPAA-compliant software like Perimeter 81 helps hospitals, suppliers, and other players in the sector to adhere to the guidelines and keep the personal data of patients secure and private.
ISO/IEC 27001 is a standard for information security management systems, published jointly by the International Organization for Standardization and the International Electrotechnical Commission. It’s part of a broader family of standards (ISO/IEC 27000) designed to help companies manage the security of data provided by third parties. Whilst not obligatory, ISO/IEC 27001 compliance helps to protect your company, and it demonstrates to your customers how seriously you take security.
SOC 2 was developed by the American Institute of Certified Public Accountants and is a standard based on five principles: security, availability, processing integrity, confidentiality, and privacy. It’s designed to ensure that service providers manage data securely on behalf of their clients, and it has particular relevance where customer information is stored in the cloud. A SOC 2 Type 2 report assesses how well service providers are safeguarding customer data. SOC 2 is popular in North America, and though it is starting to gain some international traction, ISO/IEC 27001 is more prevalent across the globe.
PCI DSS (Payment Card Industry Data Security Standard) was designed with the input of all the major players in the sector and includes a range of security controls around the holding of customer data. All vendors and service providers that process, transmit, or store cardholder details are obliged to comply with the standard.
In this day and age, it beggars belief that any company would risk its wellbeing — and that of its customers — by compromising on security measures. Sadly, hackers never stay still, and we can be certain that new cybersecurity threats will continue to emerge. But by embracing the top cybersecurity standards, and by taking a proactive, ongoing approach to security, you can help to ensure that you and your customers stay safe.