The Internet Shopping Phenomenon, Lush Cosmetics and ISO 27001

Lush has grown from small beginnings in Poole in the early 1990s into a presence on nearly every high street in the UK. The stores are colourful and packed floor to ceiling with lots of sweetly scented products like shampoos and shower gels. The ethos of the company is that all products are made with natural ingredients and packaging is recycled wherever possible. Many products such as the handmade soaps and bath bombs have no packaging at all. The company is also very ethical in its business approach when it comes to issues such as fair trade sourcing and testing on animals.

Alongside the success of its high street stores, Lush has built a hugely successful internet business. Many products which are not available in the shops or that have been discontinued are available exclusively for purchase on the website, and the company runs popular marketing campaigns through sites like Facebook. As Lush is a brand which appeals to young consumers, its internet-based business has grown exponentially in the past few years as this section of the market has turned away in increasing numbers from traditional shopping on the high street to online ordering, especially in the run-up to the festive period.

At the end of January 2011, Lush announced that its website had been the victim of hacking attempts, and that customers who had ordered goods between October and January may have had their card details stolen. Lush immediately took down its website and said it would be building a new internet portal from scratch rather than using any of the old software. The hackers hit not only the UK site but also international sites, affecting customers as far afield as Australia and New Zealand. The exact number of customers who had their card details taken is not known. Lush later admitted that it should not have been storing customer payment details after the transaction had been completed. Although all affected customers had money returned to their accounts, the episode has brought the issue of internet shopping security to the forefront of shoppers' minds once again.

As Lush engineers begin to develop their new, better website they will be looking to the ISO 27001 standard for guidance. ISO guidelines are internationally recognised and are the byword for best practice in any given industry. Any company wishing to improve security and management of data can approach ISO for advice, guidance and auditing. Advisors will help the IT department put in safeguards and system checks to ensure that data is held and managed securely, and in a manner appropriate to the business objectives. Holding the ISO 27001 certification should mean that Lush’s systems are far less vulnerable to cyber attack than they have been in the recent past.