KNOW THE RISKS
Privacy, cyber and data risks abound in today’s environment. A big part of the challenge is that there are so many potential holes in any security strategy. Many companies today have a Bring-Your-Own-Device (BYOD) policy in place. Even with robust security measures, many businesses can’t fully control how, when and where employees use laptops and other devices that may house sensitive data or be connected to the network. Additionally, organizational and individual connections to the online realm are constantly expanding—smartphones and tablets are quickly being joined by smart watches, fitness trackers and other “smart” devices and appliances—and the amount of data flowing across those connections is growing exponentially. This confluence of factors translates into more security holes and potential access points that hackers and cyber thieves can exploit.
A brief recap of highly publicized breaches illustrates the risks. Some of these network intrusions have been nothing short of mammoth in scale. In the retail sector, Target experienced a breach that potentially impacted up to 150 million consumers.8 That was closely followed by a similar incident at Home Depot that exposed the data of around 56 million consumers.9 But stores sporting point-of-sale systems that collect payment card information aren’t alone in the data breach landscape.
Smaller businesses and organizations also are impacted by breaches. Examples of incidents that regularly occur across the country include:
- A company laptop that turned up in a pawn shop exposed several hundred employee records
- A high-end car dealership break-in resulted in stolen customer information
- A local hospital couldn’t locate unencrypted backup tapes
- Confidential records from a local business were found in a Dumpster
These breaches, though they’re in different industries and involve different types of data, highlight the enormous danger companies of all sizes face. Organizations in every market sector manage data that is valuable and highly sought after by thieves. In some cases that’s financial data, which may include credit and debit card numbers, bank account numbers, routing numbers, retirement savings plans (401K and IRA), and other important account numbers. In other instances, the information sought by hackers may be more personal in nature. Social Security numbers are routinely stored not only by employers, but also by companies that extend credit or run background checks, such as mortgage representatives, temporary employment services, car dealers, apartment complexes, and many other types of businesses.
Even if a corporate entity isn’t hacked, individuals have shown they’re surprisingly adept at compromising their own personal data all by themselves. A stolen credit card often ranks as a simple annoyance—call the card issuer, get it canceled—but a lost mobile device could be a real disaster. Stuffed full of stored login credentials, prescription refill numbers, financial account information, and passwords, a smartphone could expose a person to identity theft if it falls into the wrong hands or isn’t properly password protected against unauthorized access. More traditional risks still exist, as well. A home or business break-in, where thieves are able to remove bank statements and other highly sensitive documents, can be a calamity.
UNDERSTANDING BREACH CAUSES—FROM CYBER CRIME AND EMPLOYEE ERROR TO MORE TRADITIONAL METHODS SUCH AS LOST OR STOLEN DEVICES—IS CRITICAL TO MINIMIZING RISK.
BREACH SCENARIOS
What gets businesses into hot water?
- Missing or stolen laptops or storage devices
- Incorrect mailing or faxing of confidential information
- Erroneous data posting
- Compromised system or network
- Loss or theft of physical documents
- Lost backup data or tape
- Breach caused by third party vendor
- Improper document/equipment disposal
- Malicious insiders
8 “$10 Million Settlement in Target Breach Gets Preliminary Approval,” New York Times, March 19, 2015, http://www.nytimes.com/2015/03/20/business/target-settlement-on-data-breach.html?
9 “Home Depot Says Data From 56 Million Cards Taken,” New York Times, September 18, 2014, http://bits.blogs.nytimes.com/2014/09/18/home-depot-says-data-from-56-million-cards-taken-in-breach/.