Safeguarding customer data is no longer merely a good business practice; it is mandatory. Unfortunately, there are still many data breach incidents in which the most basic security measures were ignored. Jens Schroeder, of tyntec's CTO Office, shares his recommendations on how companies can strengthen their security standards.
With Customer Data, Don’t Skip the Basics
Let’s start with the basics: If you handle your customer’s number one asset — their data — there are some things you simply don’t do.
The recent data breach of Voxox reported by TechCrunch is a glaring reminder of how even the most basic steps are sometimes overlooked when it comes to data protection. In this case, critical customer details were exposed in an online database that was not even protected with a password.
The Voxox case appears to be an instance of shocking negligence and has compelled me to share a few of the important measures we take at tyntec to safeguard ourselves from known vulnerabilities. We welcome any organization with similar needs to adopt them.
First, we’ve made a strategic choice not to rely on third-party cloud providers. As a company with a heritage of building our own network infrastructure and proprietary technology stack, we needed the level of monitoring and control we gain from hosting our systems and services ourselves. That approach works as a compelling differentiator for our enterprise customers with strict compliance requirements.
Second, the separation of application, service development, and IT teams enables our IT team to configure our firewalls with sufficient control to detect the types of security flaws we saw in the Voxox case. Many organizations have a developer-driven setup that allows developers to configure the network infrastructure by themselves. At tyntec, our IT team requires the responsible network team to adhere to a ‘four-eyes’ principle for editing firewall rules, which strengthens our control mechanism.
Third, GDPR compliance is a hard measure that helps us to take the mandated steps: train our employees; encrypt/pseudonymize wherever possible; segregate data, network and systems; and control access to facilities, including tyntec-owned ECB-S grade data centers.
No matter which industry you operate in, it’s only a matter of time before someone in the ecosystem falls prey to a malicious attack. Yes, security is hard, but that's no excuse for neglecting the very basic steps that we all have to check off. As we at tyntec continue to strengthen our security controls and standards, we take security breaches like the one at Voxox as an opportunity to ensure our security measures are strictly followed through.