As one of the year’s most significant sporting tournaments draws to a close, we decided to reflect on what the technology world can glean from other environments when it comes to fighting the enemy. In other words, what can we learn from the stars of the #RBS6Nations in the critical defence against fraudsters?
At MYPINPAD we huddled our management team (or ‘head coaches’) to define a set of rules a financial institution, PSP or merchant could incorporate when strategising the best approach for protecting customer information and identity.
As we approach the Grand Slam decider weekend of this famous rugby tournament, we’re confident that companies can learn from each of the national teams’ strategies when developing a security defence play:
- Learn from previous failings
Many companies have fallen victim to fraudsters and hackers in the last year. Far from being just an embarrassing event to report to customers and the board, a breach calls for action to determine the circumstances that led to it. Observations and analysis of the attack at the time, such as the scale, the number of users affected, the origin and the nature of the code, will bring insight to strengthen security methods and future prevention. This is a lesson Scotland have clearly paid attention to, keeping their defensive line tighter than they have in years.
- Identify potentially fatal gaps in defence
Never underestimate the skills of fraudsters. Even if a company has a thorough security system, it is vital to stay vigilant about flaws in its security barriers. Frequent penetration testing should be done, both internally and externally, especially when launching a new system. It is better for businesses to seek out their own previously overlooked vulnerabilities before somebody else does. No team has done this quite like England, who have picked holes in the defence of every other team in the championship.
- Develop your own plays and agree on how to communicate across the team
All organisations should have a plan of action and clearly divided responsibilities for their team in case of a breach. Even if it can prove challenging for big companies, all employees need to be adequately informed of remedial actions. It is important for them to build the habit of creating backups to recover data and to be briefed on how to defend critical internal servers.
Teams should be defined including a command centre, established decision makers and the communication chain that will be followed. Who will lead the defence? The IT and Security Manager? The COO? And how would it be managed throughout the whole company’s organization chart?
When you don’t do this, you end up like France, who this year have played like 15 men who have never met each other before, let alone shared a common purpose.
- Agree when to action the plans
A business’s ability to respond to a data breach in a timely manner can make all the difference.
Notification to the public of a data breach allows customers to be more proactive in protecting themselves, minimising the potential for harm. To speed up response, it is good practice to have all strategic communications drafted, preapproved and ready, including a microsite or landing page to explain what happened, how it is being addressed and what customers should do in the meantime.
Ireland have been the masters at this this season, communicating well and working as a well-oiled machine.
- Train, practice and reinforce plays
Security drills for cybersecurity issues are also key to evaluating how effective the response to a crisis is. Anything that doesn’t go as planned can be solved while there’s still no real threat. It is an equally important exercise to undergo with vendors and suppliers.
No team have risen to the crisis quite like England. From being knocked out in the group stage of the World Cup last year to being odds-on favourites for the Slam, these boys have learned the lessons and trained hard for new challenges. And it looks like it has paid off.
Integrating new technology that delivers the strongest user authentication, and maintains a convenient consumer experience, can appear unmanageable. In the spirit of good sportsmanship MYPINPAD is encouraging customers and partners to ‘scrum-down’ and face their opponents, equipped, trained and ready.