A matter of trust
Simon Clayton, chief ideas officer at RefTech, says honesty is always the best policy in the event of a data breach.
Last month, the platform and main website of one of our competitors went offline for most of a week, leaving their customers high and dry.
How do I know this? Because some of their customers – the ones who were organising imminent events – came to us in a panic to see how we could help them instead.
We don’t know what happened because the company is staying tight-lipped, possibly because of the length of time it took them to recover. Problems can hit any business, and plenty of huge sites have fallen prey to hacks or outages in the past. So it’s not the outage that surprised me, but the length of time that their systems were offline. As a supplier of a business-critical service, they should be able to recover and get back on their feet again in a matter of minutes, not days.
If they were hacked (which is one possibility) then I believe it’s important for an organisation to ‘own’ the hack, to admit they had a problem and be honest and open about it. Of course, if this was a reportable data breach because personally identifiable information was lost or stolen then both the ICO and the Data Controllers would need to be informed. Failure to do so could result in a fine of up to €20m or 4% of global revenue (whichever is higher).
This situation has led me to reflect on our own situation. We have multiple redundancies and plenty of backups, which mean we can recover from a server problem quickly and easily.
One of the main technologies we use for this is called containerisation. That may be something you’ve never heard of, but it enables us to build and deploy a brand new server with a very complicated setup in less than 10 minutes. Containerisation is a method where you build everything your website or web application requires, including all of the services and configuration, into a single “package” that can be deployed quickly and easily.
Servers used to be like treasured pets: they were expensive to purchase and so they were looked after for as long as possible. If they went wrong, they were repaired. But now they are a simple commodity – if one goes wrong, you quickly get rid of it and get a new one. If a server shows any hint of going wrong, you can quickly and easily move all of your business onto a new one.
What would your company do if it were hacked? What would happen if your website went down a week, or even a day, before your event? How long would it take your IT team to get the business back up and running again – especially if it is the eve of your event and everyone is stressed to the nines?
Don’t let people just tell you the answer – ask them to prove it by doing it now, and not when you have a problem. At that point, it’s too late to put anything right.
So – be prepared for the worst, and if anything unfortunate does happen, please be honest and open about it. We all know that honesty is the best policy, and your customers will thank you for it.