As with everything, there’s an element of Murphy’s law in data security, and telecoms billing data security is no exception. However, security breaches should not be seen as inevitable. By implementing robust security frameworks based on assured, repeatable processes, there is much a company can do to mitigate its risk.
Following independent audits of its information security management systems (ISMS), Union Street has been certified by the British Standards Institution (BSI) for the internationally recognised ISO/IEC 27001 standard in Information Security Management since 2016. Qualifying required us to make some big investments into our security and hardware infrastructure. This included the deployment of new firewalls, improved antivirus and security software, and building a completely new cloud environment to host our solutions. We also appointed a dedicated Standards and Security Officer to continually assess our security processes, to ensure they are followed correctly and to make certain that our organisation operates to the highest standards for data security.
Based on this experience, we can confirm that maintaining information security is challenging but by no means impossible.
Of course, in order to mitigate risk, one first needs to understand where that risk comes from. Although high-profile cyber-attacks are what tend to make the headlines, human error is usually the cause of data breaches. This was borne out in a report published in September 2018 by leading risk solutions provider Kroll. Based on the preceding 24 months of data obtained from the Information Commissioner’s Office (ICO), the organisation responsible for monitoring data breaches and issuing fines for them, the report revealed that just twelve percent of UK data breaches occurred due to malicious attacks. The remaining 88 percent were all the result of human error.
The lesson here is clear: although it’s vital to take precautions against external threats, the importance of comprehensive and ongoing training for any personnel with access to sensitive data cannot be overstated. It’s also important to look beyond your own organisation. If you work with suppliers that need access to your customers’ data, you must be satisfied that their information security framework is every bit as stringent as your own.
No matter how robust you may think your security framework is, you can never afford to become complacent. Nothing’s ever 100 percent perfect when it comes to data security and there’s always room for improvement. Continually reviewing processes and procedures and identifying risk is the key to reducing the probability of a serious data breach occurring.
Prevention and mitigation should not be viewed as mutually exclusive choices. Removing a risk altogether is certainly preferable to simply reducing it. After all, if a risk doesn’t have to be taken, why take it? One thing a business should never do is transmit personal data unless it’s absolutely essential.
For example, our aBILLity telecoms billing platform comes with an optional white-labelled billing portal which end-user customers can use to view their billing data. Not only does this empower customers by giving them greater reporting and visibility, it also means that communication providers do not need to send this data via email or letter, removing the risk of this data falling into the wrong hands.
As for mitigation, given that human error is the most likely cause of a breach in telecoms billing data security, it’s advisable to automate as much as possible. All data and processes for managing data must be regularly audited, especially when it comes to any activities related to the transmission or sharing of data.