Issue link: https://read.dmtmag.com/i/279349
I DA U N I V E R S A L M a rc h -A p r i l 2 0 1 4 38 Y ou're most likely familiar with the Tar- get Corporation data breach that occurred during the 2013 holiday sea- son. ieves were able to hack into the point-of-purchase display systems (the machines that swipe your credit cards) and stole the credit card and debit card information on more than 110 million Target customers. Worse, the bad guys also hacked into Target's marketing database and stole the personal information— including address, email addresses, phone numbers, and more—on millions of customers. How could this happen? How could a company with Target's resources and advanced security systems get hacked? And what does this have to do with you and your business? Although the investigation is still continuing, it looks like Target wasn't directly hacked at all. Rather, one of Target's vendors, Fazio Mechanical Services, a Sharpsburg, Penn.- based provider of refrigeration and HVAC systems, was the company that was hacked. Because Fazio had access to Target's network credentials, the thieves were able to steal those from Fazio, and use them to access Target's net- work and database fi les. Is Your Company Ready for the Inevitable Data Breach? By Sam Richter Oops. Yes, it can happen to you. And yes, although the bad guys target big companies like Target (pun intended), your business is equally at risk because thieves want access to not only your information, they also want access to the information you have related to your customers. ieves know that larger organizations have very sophisticated secu- rity systems and they likeli- hood of being able to hack in through the "front door" is small. ey recognize that an easier way into a big company is to enter through the "back door," by stealing information from a smaller manufacturer or distributor that services the big company, and that has access to the big company's online systems. If your company is like most, you have customer, employee, and even vendor data located on a computer network accessible via the Internet. Data can include con- tact information, credit card numbers, medical informa- tion, bank account numbers, vendor login information, and more. What's scary is that data can be the greatest risk to your company's future. ieves know that if they can steal your company's valu- able data, they have a gold- mine of information that they can then use to impersonate the identity of your stakehold- ers, and rob them blind. If your company experiences a data breach, you're looking at potentially hundreds of thou- sands of dollars and hundreds of hours to clean up the mess, not to mention the damage to your reputation. A data breach can literally bankrupt your company. Many companies know that their internal network servers need to be encrypted and secure. What too many companies forget, however, is how information can be accessed via the Internet, espe- cially in today's increasingly mobile society. According to a recent study conducted by Verizon, hacking and malware emanat- ing from the open Internet account for 72% and 54%, respectively, of data breaches experienced by small busi- nesses. Small to medium-sized businesses are typically at a great disadvantage versus larger fi rms due to inadequate technology staff resources and reliance on security set up by vendors and other third par- ties. Even if you have a data breach response plan in place, you could be overwhelmed by what actions your business is required to take. e United States has 46 state-specifi c data-breach notifi cation laws in eff ect, and they are all diff erent, accord- ing to channelnomics.com. If you off er services or have customers in more than one state, the compliance costs to follow each state's legal noti- fi cation requirements could be signifi cant. In addition to the notifi cation laws diff er- ing between states, so are the follow-up requirements, such as providing police reports and free credit reports. It is too early to tell if Fazio will ultimately be held liable in any way for the Target breach. A staggering fact is that, even if it's shared liability, the costs will be staggering. On aver- age, the cost to mitigate a data breach is $188 – that's per stolen record. My calculator doesn't have enough space for it to answer $188 times 110 million. e bottom line is, somebody will pay. at's why it's important to have a business identity the protection plan that addresses these issues thor- oughly. You may have to enlist the services of professionals to do the necessary work and comply with all the regulations.