It’s vacation season, and in the social media world that means a news feed full of summer-themed hashtags. But despite the increased buzz, it’s important to remember that your media-rich content requires its own SPF (security protection factor).
The summer season can mean a skeleton workforce and reduced resources, so it’s imperative that you’re equipped to handle a data breach correctly, swiftly, and decisively.
Let’s explore what that could mean for you in the media sector.
Data breach example
What is Timehop? Timehop kick-started the digital nostalgia category across social media and continues to reinvent reminiscent behavior online. On Facebook, Timehop shows users their popular historical posts to help rekindle memories. Unfortunately, Timehop detected an ongoing cyber attack in July this year, discovering that email addresses, names, phone numbers, dates of birth, and gender information had been stolen.
Timehop security incident statement, updated July 11, 2018
“On July 4, 2018, Timehop experienced a network intrusion that led to a breach of some of your data. We learned of the breach while it was still in progress, and were able to interrupt it, but data was taken. While our investigation into this incident (and the possibility of any earlier ones that may have occurred) continues, we are writing to provide our users and partners with all the relevant information as quickly as possible.”
The total number of breached records was approximately 21 million.
Find an up-to-date timeline of Timehop’s breach activity here, which the organization has tracked back to December 19, 2017.
Data breaches in the media sector will inevitably be high-profile events as consumers grow ever more empowered with each new ‘like’ and ‘share’. Consumers are also starting to gain a deeper understanding of their online rights and freedoms, as control over user-generated data begins to shift from corporations to the individuals themselves. That expectation will only become more apparent as our content is increasingly dependent on consumer demand. We must allow for (and facilitate) that shifting control over the content we produce and how it’s measured. We must also expect a data breach in the media sector to drive topical news while it’s happening. Online disinhibition will fuel both users and partners to be vocal about the impact of a data breach across their existing networks of friends and colleagues. A data breach during this vulnerable summer period could bring your live service, platform, or web app to a grinding halt.
Data breaches in the media sector
Global organizations that fall within scope of the EU’s GDPR (General Data Protection Regulation) must comply with its requirements. If registered in the UK, your organization is required to notify the ICO (Information Commissioner’s Office) – the UK’s supervisory authority – if a certain type of personal data breach occurs. You must also keep a breach log and notify customers if the breach is likely to adversely affect their privacy.
Although state legislation and federal legislation require service providers to report data breaches to the supervisory body, the GDPR places strict timescales for reporting such breaches. The relevant supervisory authority must be notified within 72 hours of your organization becoming aware of the breach, and organizations must address the following:
Addressing the above can be challenging for media owners, particularly during the summer months when staffing levels are low. Doing all of this within 72 hours adds to that challenge – especially as organizations instinctively want to use that critical time to remediate any damage caused by a breach and avoid a PR horror story.
Preparing for a breach – no organization is immune
Any organization can be breached. After all, organizations must patch all of their vulnerabilities, whereas cyber criminals can rely on just one employee mistake or find just one weakness to infiltrate. However, how well prepared you are for a breach can be the difference between minor disruption and significant financial and reputational damage. One way to prepare is to keep (and maintain) a 72-hour kit, which is a collection of tools and supplies needed to sustain ‘life’, minimize suffering, maintain dignity and independence, and facilitate appropriate actions in an emergency situation.
IT Governance has developed a series of packages for organizations looking to mitigate the summer slowdown and prepare for the upcoming challenges they face and the short timeframes they must now adhere to. Identify your organization’s risk appetite and apply the relevant SPF with our pic’n’mix of proven information security solutions.