Outsourcing To Protect Against Data Breaches

With data central to many of the trends driving the health and fitness industry forward, it’s more imperative to protect against data breaches than ever before. In this article, we explore the impact and cost of personal data breaches to organisations, the challenges data security presents and how outsourcing can protect against breaches and hacking.

At the start of 2020, we reviewed the Top 2010s Fitness Industry Trends and outlined what to expect in 2020 and beyond. One clear theme emerged throughout the biggest trends – the role of data.

Data is at the heart of new services, such as wearable technology and digital fitness services, allowing operators to deliver the highly personalised experiences that consumers crave and increasingly expect. Beyond fuelling the delivery of services and experiences, data is central to ensuring organisations have intelligence to operate successfully.

Growing Imperative To Protect Against Data Breaches

With large amounts of personal data stored and processed, often across multiple systems, organisations are at increasing risk from data breaches and hacks.

In 2019, Risk Based Security reported that there were over 15.1 billion personal records exposed in 7,098 data breaches globally. Big players such as Facebook, Instagram, Capital One and Adobe were hit by breaches according to Cnet.com.

Health and fitness businesses have been amongst those impacted. The leading diet and exercise tracking smartphone app and website, MyFitnessPal, was subject to a significant hack. Around 150 million users were affected by the February 2018 data breach, where compromised data included usernames, email addresses and scrambled passwords.

Similarly, in the wider leisure industry, British Airways was subject to a significant breach in 2018. Around 500,000 British Airways customers were diverted to a fraudulent website where data was harvested, including logins, payment card numbers, expiry dates and three-digit CVV codes, travel booking information, and name and address details.

Cost Of Failing To Protect Against Data Breaches

Not only will failure to adequately protect against data breaches impact an organisation’s brand reputation and put consumers at risk of fraud, it can be costly. Since the General Data Protection Regulation (GDPR) came into force in May 2018, a breach in personal data could cost a business as much as 4% of annual global turnover.

In the UK, the Information Commissioner’s Office (ICO) determines the penalty issued on a case-by-case basis, ensuring it is effective, proportionate and dissuasive. British Airways faces a fine of £183 million, which amounts to 1.5% of its 2017 global turnover. This penalty is currently under appeal until 31 March 2020, according to The Register.

Concern Over Data Security High Amidst Skills Shortage

According to the 2020 Netwrix IT Trends Report, data security is the top IT priority for organisations around the world, no matter the business size or industry of focus. Based on a survey of IT professionals, Netwrix found that 91% of organisations in the retail industry specifically see data security as top priority.

With data breaches and cyber-attacks increasingly common, and with more at risk than ever before, it’s hardly surprising that data security tops the list of concerns for IT professionals. However, recruiting skilled cybersecurity professionals can be a challenge. (ISC)², the membership association for certified cybersecurity professionals, found a global skills gap in the cybersecurity workforce in its 2019 Cybersecurity Workforce Study. To meet demand, the workforce needs to grow by around 145%.

As a result, many organisations are deciding to outsource IT security to Managed Security Service Providers (MSSPs) in order to fill the skills gap, as well as to reduce the risk of responsibility for data security resting with a single person internally.

Cultural Change Required To Drive Up Security

While organisations may need to outsource IT security to an MSSP, organisational cultural change is often also required in order to further reduce the risk of data breaches and hacks.

According to figures from EfficientIP, 39% of European businesses are suffering data theft and, as Information Age reports, employees or former employees are frequently responsible for stealing data. The risk of employee data theft could be significantly reduced, as many organisations are too liberal in granting access.

A Ponemon report found that 75% of employees have access to data they shouldn’t, while Quest research found that organisations feel vulnerable to insider attacks because of excessive access privileges and access to sensitive data. A cultural change towards careful management of data access, to avoid ‘permissions creep’, will help guard against internal threats.

Secure System Integrations

The 2020 Netwrix IT Trends Report also found that 44% of CIOs have integration projects in their sights. Integrating systems simplifies internal processes, lowers costs and enables organisations to get more from their software investments.

The health and fitness industry is a prime example of one where organisations are looking to benefit from integration projects. Operators typically use many different systems; integrating these will ensure smoother operations and power the delivery of consistent customer and member experiences.

Working with software and service providers who have the flexibility to integrate with your existing and future systems is vital to future-proofing your organisation. All integrations where data exchange occurs should be built with security in mind.

Payments Data A Target

An attractive target for theft, payments data requires particularly careful handling to protect against data breaches. With payments data often stored for future use, health and fitness operators need to consider how membership payments are managed with an eye to protecting this sensitive data.

Traditionally, Direct Debit payments have been managed using paper mandate forms (see What Is A Direct Debit Mandate? for more). This approach represents a security risk, with member bank account details processed and stored on paper that could easily be lost or stolen without proper processes in place.

Digital or paperless Direct Debit mandates avoid handling and storing paper records; however, without adequate security procedures member data can still be at risk. If employee access to sensitive payment data is not adequately restricted and monitored, the risk of theft will be higher. Similarly, without adequate digital security, data may be at risk from hackers or cyber-attacks.

Outsourcing To A Trusted Third Party

Outsourcing membership payments to an FCA authorised Direct Debit payment provider can ease the burden of protecting member payment data against breaches. From our fully PCI compliant online joining platform to our secure software integrations with leading providers, Harlands Group is trusted by health and fitness leaders to look after membership payments and more.

As an FCA authorised payments institution, a Bacs accredited facilities provider and an ICO registered business, we provide organisations with the peace of mind that their members’ personal information is protected against data breaches to the highest standard.

Our online joining platform does away with paper Direct Debit mandates and is highly flexible to meet your needs, whether members are signing up in club or remotely. Secure integrations give your team access to member payment statuses without the need to share or handle sensitive bank account details – removing this burden from your operations. You can rest assured that your members’ details are always secured in our systems and with our highly trained team.