January 7, 2016, updated 28 Mar 2017 4:27pm

TalkTalk lessons learned

Fifth TalkTalk arrest but company still suffering

By John Oates

As the fifth person is arrested for alleged involvement in the TalkTalk hacks we look at what lessons can be learnt from the embarrassing episode. Some are obvious – don’t get hacked and if you do get hacked then tell the truth about it.

The company failed to be straight from the start which made the public relations fall-out all the worse.

TalkTalk shares are down by more than 30 per cent and it has set aside at least £35m to pay for the damage done. Customers will be getting some sort of upgrade to try and win back goodwill but other costs include depressed sales and spending on extra security in the wake of the attack.

Of course TalkTalk are just the latest in a long line of UK firms which have suffered big data losses. And they’re not likely to be the last.

But what is different this time is that the damage has been so widespread that the way companies are talking about security is changing. Business attitudes are changing because public attitudes have changed.

People are far more sensitive to how companies treat their data which is making business take the issue more seriously.

Talking to a leading security vendor recently we were told: “TalkTalk has changed everything. Security purchases used to be just a box-ticking exercise – something you had to have – but now companies are looking in detail at what the software can do and what protection it offers.”


Getting the right software in place is vital of course.

You need an excellent security team to ensure software is up to date and that your security strategy is regularly checked.

But this fire fighting force is just part of the solution – equally important is company culture. Your staff, from top to bottom, need to be making IT security a central issue in everything they do.

The TalkTalk attack started with a denial of service attack on its website – but this was likely a smokescreen for the attack which went after customer data.

This might have used a phishing attack – an email targeted at an individual, or small group, of staff.

Such attacks are increasingly sophisticated – it could look like a mail from a senior manager, it might sound like the sort of message they would send – so finance staff get offered budget spreadsheets and marketing departments get offered presentations to look over.

Different staff, with different access to company systems, need different security training.

People with mobile access to corporate networks need to know how to keep Wi-Fi access safe for instance.

You need to make sure laptops and mobile phones are password protected or a lost device could give easy access to your systems. You’ll also need software in place to make it easy to remotely wipe data from devices which are lost or stolen.

Anyone dealing with sensitive data needs to know about encryption. The Information Commissioner’s Office has fined companies for not encrypting customer data even when they’ve taken other measures, like password protection, to keep it safe.

None of this will stop you being attacked.

But the best software protection and a corporate culture which puts security front and centre of all decision making should mean you’re in a good position to defend yourself.
