Recent data breaches and cyber attacks on Citibank, Epsilon and Sony are once again shining a spotlight on how vulnerable companies and consumers are to data breaches.
Earlier this week, Citigroup announced they had discovered that the names, account numbers and contact information of hundreds of thousands of bankcard holders had been compromised in a breach. The announcement comes on the heels of last month's revelation that 101 million users had their information compromised in the Sony Breach.
In this electronic age, nearly every business today is collecting and storing personal information of both consumers and vendors. Information like names, addresses, Social Security numbers, credit card and other account numbers is at risk. Big or small, practically every business, bank or public institution can be a source of valuable one-stop shopping for a host of identity thieves.
The simple truth is this: loss of customer and employee data can be a financial and public relations nightmare that can damage your organization's reputation and bottom line. And the consequences of a data breach can be severe. Several businesses across the nation have been forced to close their doors because of bad press, and the loss of once loyal customers.
Factor in that the cost of data breaches continues to rise, and it's no surprise that many find themselves asking, "If the high-profile companies are at risk, what's the small business to do?"
Have a plan.
Regardless of the size of your company, you should have an identity theft protection/breach preparedness team or specialist that understands all the relevant risks, threats, and vulnerabilities associated with data breaches. Not only should your organization have a strong understanding of the possible threats, small business owners should also have procedures in place for regularly monitoring existing security practices to ensure that security procedures are working as they should.
Along with your plan to protect data, you should also have a detailed and decisive plan for what to do if something goes wrong. Not only will this help minimize any potential damage, but a quick response to a breach will go a long way in building and maintaining confidence among your customers that you're doing everything possible to protect their personal information.
Secure information.
Help protect information by implementing both physical and electronic security methods.
When it comes to electronic security and data protection, use the best available. You'll almost always find the upfront cost of securing information to be far more cost effective than the cost of fixing the problem once the damage is done.
Along with electronic protection, make sure all your employees are well trained in the proper methods for protecting, storing and destroying valuable information. Limit employees' access to sensitive information on a need to know basis.
Dispose of data.
Don't store information you don't need, and always remember to use shredders and wipe decommissioned electronic devices (including laptops, external hard drives, and copy machines) to properly dispose of unnecessary data. Thieves can't hack information that isn't there.
Limit outside access.
Restrict the ability for sensitive data to be taken off-site. This includes mobile devices. Information that is taken outside of your office is open to a whole host of threats from physical theft to viruses on your employees' home computers.
Remove all peer-to-peer file-sharing software and deny access to file sharing sites from all company computers. P2P and file sharing sites can provide wide-open doors to nearly all your information.
For computers that store sensitive customer databases, disable email, and Internet access to avoid phishing and malware attacks.
Trust the professionals.
Lastly, consider using a third party expert. Identity theft protection and breach specialists can help you identify holes in your security systems and, if a breach does occur, quickly restore public confidence and avoid unnecessary costs.
Experts like LifeLock can help by initiating a rapid response and providing an immediate communications plan to help minimize loss and restore trust. They can more effectively manage security notifications-required by state and federal law, as well as provide letters and emails to help put fear to rest in the affected community affected by a breach. When necessary, they can provide identity theft protection and ongoing support to stay ahead of future complications.
The point is, despite the headlines, there are absolutely things you can do to protect your company and consumers. The important step is to act now, so that the next breach headline isn't yours.