What the British Airways Fine Can Teach Publishers About Online Security
Originally appeared on What's New in Publishing
British Airways’ (BA) £183 million fine signals more than a definite end to the GDPR grace period; it illustrates the high price companies could now pay for poor data security.
So far, the Information Commissioner’s Office (ICO) has remained quiet while other global forces wielded their regulatory powers, issuing €56 million in penalties. But its huge debut fines — including a £99.2 million forfeit for Marriott hotels — show the ICO is closing in on any business that fails to protect its customer data from both clear and hidden threats.
So, what must publishers learn from this colossal breach about enhancing site safety?
Lifting the lid on hacker tactics
Fighting unseen assailants is challenging, but as clandestine site hacks increase it’s vital for publishers to enhance their knowledge of what attacks involve and how to tackle them. And the best starting point is an understanding of the mechanics behind digital content creation.
The dangers of concealed tags
From the publisher perspective, there are two key lessons from this attack. Firstly, following the GDPR rules is more complex than simply asking for consent and protecting servers from infiltration. Businesses have must ensure end-user data is safeguarded, which means they are responsible for the code running on their site and any subsequent negative impact, even if it is stealthily loaded by cyber criminals. Secondly, the risk of such hidden hazards is high.
According to Ofcom’s recent Online Nation report, tag adoption is widespread. Evaluating how behaviour is monitored across multiple popular sites, such as BBC, Microsoft, Google and Sky platforms, the results reveal tags are a clear leader — especially for news sites, with an average of 77 in operation at once. Not only reflective of an industry increasingly reliant on behavioural advertising to drive revenues, these findings highlight that publishers are particularly prone to the rising peril of tag-centric cyber crime.
What can publishers do?
Vital to achieving this is frequent and precise analysis. The most advanced tools, for instance, are capable of running instant URL scans that not only track any tags running on a particular page, but also the actions code executes in user browsers. Armed with this real-time insight, publisher IT and development teams can immediately spot potential risks — such as unknown sources, hidden tags, and code running suspicious scripts — which can then be investigated to prevent potential breaches before they occur.
Going forward, the industry needs a change in mindset. At present, tighter privacy and security measures are frequently seen as necessary nuisances. But treating customer data well is also critical to business success. In the post-GDPR world, consumers are becoming equally as discerning as data authorities.
Publishers must learn that the price of ignoring data safety responsibilities goes beyond fines; it also covers consumer trust and experience. By building digital experiences, they are facilitating the data collation and interactions that consumers now expect to be both private and safe. Consequently, privacy protection should be integral to each aspect of consumer experience, from design to daily visits. If publishers want to earn a loyal following and retain trust, keeping sites engaging, efficient, and crime-free is essential.