6. Identify the cyber security measures the company website has in place, discuss if the company website complies with e-business ethics and provide recommendations/suggestions with justification.
As a bank that deals with highly sensitive customer data, it is imperative for American Express to have safe and secure cyber security measures in place. Failing to have these in place can lead to destructive consequences for the business, such as reputational damage, financial loss and diminished customer trust. In 2019 AMEX experienced a data breach when a former employee had access to personal customer information and tried to use the obtained data to commit fraud. This further confirms the finding of the UK Government Cyber Security Breaches Survey report that the most common cyber breaches and attacks come from staff member activity.
Employees have a responsibility to act as a human firewall, helping to keep the business protected and to maintain a secure environment.
American Express has numerous organisational security measures in place. Staff are required to change their passwords every 3 months, which reduces the risk of cyber security attacks. It is also mandatory for each employee to undergo video training on cyber security and data breaches at the start of their employment. There is also thorough training on how to deal with the loss of laptops and company phones. Furthermore, through mandatory training the company highlights the importance of not sharing passwords and how to identify phishing emails. Workers also have to sign an acceptable use policy before gaining access to the company network, and this is further enforced by restricted access to a wide range of websites. Information control systems monitor the software downloaded by employees, and input and processing controls keep a record of every change made by employees, including the name, time, date and employee number for each change.
As a further safety measure, when a customer calls in it is essential for employees to go through security questions before discussing anything with the caller; the customer has to answer a few personal questions. For online banking, customers are required to set up a strong password to get access, and the business also gives customers the option to further secure their online banking through facial recognition and fingerprint. Passwords and PINs are strictly never shared over the phone or via email; the customer receives them all via post.
American Express has the responsibility to deal with customer data and information in an ethical way. With American Express being ranked as one of the most ethical companies in the world for 6 years in a row by the Ethisphere Institute, it can be said that the company complies with e-business ethics. This is reflected in its robust privacy program, which is easily accessible to customers through the company's website and gives transparent information on policies and governance, allowing customers to feel confident about how their personal information is stored and protected. Customers also have control over privacy choices, as they have the option to opt in or out of marketing communications, and when customers are required to provide the business with personal documents, this is done through a secure document submission centre, which helps in the combat against fraud attacks.