An ever-increasing number of online threats and a vibrant market for illegally acquired energy information mean that companies would be well-advised to review their energy management software, says Steve Kemp, business development director of Optima Energy.
For those who have been keeping an eye on the data debate, the last 12 months have provided several sharp reminders about the perils of failing to adequately protect information resources. Major corporations and public sector bodies alike have been affected by data breaches, and often paid the price both in terms of financial cost and public perception. Most recently, British Airways was issued with a record fine of £183 million following a large-scale cyber-attack that led to details of an estimated 500,000 customers being harvested by hackers.
The NHS has also been at the centre of several headline stories. Months after announcing that it was to make a major new investment in cyber security, a July 2018 news story saw the service citing a coding error as the cause of the accidental sharing of health data belonging to 150,000 patients. And earlier this year, research found that the use of outdated software and operating systems in the NHS was leaving the health service vulnerable to attack.
The BA fine was the first to be imposed since the introduction of the new General Data Protection Regulation (GDPR). Widely regarded as the most significant reform of data privacy in two decades, GDPR requires controllers of data to put in place ‘appropriate technical and organisational measures’ to implement the data protection principles. Businesses must report any data breaches within 72 hours, while companies who violate the rules may be fined up to 20 million Euros or four percent of their annual worldwide turnover for the preceding financial year – whichever is greater.
It would be an understatement to say that GDPR has prompted renewed scrutiny by many organisations of their data protection arrangements. In terms of their potentially catastrophic impact on a company’s prospects, data breaches have always been extremely bad news. But with the scale of the new regulations there is now a very pressing legal and financial impetus for data protection to be prioritised.
‘Secure software is vital’
Little by little, there are indications that more organisations are investing larger sums in data security. The recent news from UK-based think tank Parliament Street that NHS trusts have increased their spending on cyber-security is obviously to be welcomed. But it’s very likely that the current investment levels are not adequate to deal with all of the emerging threats.
Although some businesses have made more progress than others, one particular area that is largely overlooked by many organisations is the security of energy management software. The potential markets for illegally acquired energy data should not be underestimated: for instance, think of the energy broker who would be very keen to obtain a detailed picture of a company’s energy usage, or a renewable energy provider who could shape an entire marketing initiative around this kind of information. These are potentially lucrative markets for organised hacking operations. And too many businesses are at risk.
Investing in energy management software should be an integral part of any data security strategy. Reviewing and maintaining the integrity of IT infrastructures and databases is crucial, and bound to become more so as hackers finesse ever more ingenious methods of infiltrating systems.
By its very nature data protection will always be a moving target. And with the ever-growing demand for digitalisation, organisations of all sizes are open to the possible onslaught of cyber-attacks.
It is the fact that cyber threats can go unnoticed until the real damage is clear that makes them so dangerous. Security initiatives, such as the Information Security Management Standard ISO 27001:2013 and Cyber Essentials Plus – a Government-backed scheme to help organisations protect themselves against common online threats – should be seen as essential in ensuring the software you have in place remains as robust and impenetrable as possible. But this is only the starting point in staying one step ahead of the hackers and protecting customers from emerging threats, which is why it makes sense to work alongside partners who are not only compliant with industry standards but also have a track record of ensuring energy security.
We are committed to ensuring the confidentiality, integrity and availability of data. Protecting such important data is a critical responsibility we have to our customers, and we continue to invest and work hard to maintain that trust, with our robust systems outlined in our recent security whitepaper.
The unprecedented nature of the BA fine underlines the seriousness with which data protection is now being taken, while the issue’s continued prominence in the media ensures that public awareness will remain high. It’s certainly an area where companies will have to maintain eternal vigilance, but an investment in robust energy management software can provide guaranteed reassurance in at least one major area of operations.