Print   RSS

Are Your Customers Safe When It Comes to Private Data?

Jay Fremont

December 13, 2013

Hardly a week goes by without another headline-grabbing report of a data security breach at a major corporation or organization.

In each of these security breaches, the personal financial information of hundreds of thousands -- if not millions -- of consumers is put at risk.

Although media accounts focus primarily on large-scale security breaches at companies that are national or international in scope, most security breaches affect small and medium-size businesses.

According to a report in Forbes, Verizon's 2012 Data Breach Investigations Report claimed that 71 percent of the security breaches it investigated targeted businesses with 100 employees or less.

Some 47,000 Security Incidents

Even more sobering statistics come from Verizon's 2013 report, which covers 47,000 reported security incidents and 621 confirmed data breaches.

The report was based on the analysis of incidents in 27 countries and reports about these incidents from 19 global organizations. These organizations include law enforcement agencies, national incident-reporting groups, research institutions, and private security firms.

To no one's surprise, roughly 75 percent of all data security attacks have financial gain as their primary motivation.

The targets for these data thieves are credit card information, bank account details, and other personal financial credentials. Although businesses of all types may be victimized, these data thieves hit hardest at the finance, retail, and food industries, according to the Verizon report

State-Affiliated Espionage

Verizon reports that 19 percent of the data security attacks it investigated for the 2013 report could be attributed to state-affiliated sectors. This corporate espionage targets intellectual property and internal organization data at companies involved in manufacturing, professional services, and transportation.

Roughly two-thirds of the security breaches Verizon investigated went undiscovered for months, putting all the sensitive data involved at risk for an extended period of time.

Even more alarming was the fact that only 13 percent of the breaches studied were discovered by the businesses that were directly affected.

Third parties reported 34 percent of all security breaches, fraud detection uncovered an additional 24 percent, and 9 percent of all breaches were discovered by customers.

What Can You Do?

In the face of these alarming statistics, what can a small business do to protect the sensitive data of its customers?

There's no way a company today can avoid collecting personal financial data from its customers, and the exposure of this data to criminals is one quick way of losing those customers.

To help protect your customers' data and your business's reputation, here are a few recommendations from the Small Business Administration:

• Secure Equipment and Documents: Despite promises that it would end the need for paper documents, the Computer Age seems to have increased the amount of paper most companies have to deal with. Because paper documents remain a major target for criminals, keep all documents with sensitive data under lock and key. And promptly shred all paper documents once it's determined that they are no longer needed. Electronic storage media should also be kept under lock and key when not in use, and computers, smartphones, and other electronic devices should be password-protected.

• Secure Electronic Data: Additional layers of security can be provided by restricting access to sensitive electronic data to only those who need to have it. And all such access also needs to be password-protected. It's a good idea to regularly change passwords and discourage the use of passwords that incorporate easily detected components, such as initials, birth dates, social security numbers, and the like.

Like paper documents, electronic data should only be kept for as long as it's needed. Look into purchasing electronic wiping programs that can permanently erase deleted data from hard drives. And you can beef up the protection of the data that remains by using encryption programs to protect sensitive data in your files and in electronic communications.

Also, investigate data protection software solutions, such as those offered by Syncsort, McAfee, Quantum, and Symantec.

• Screen and Train Employees: Scrupulously check the personal and professional references of all prospective employees, and perform background checks on all employees who will have access to sensitive customer data. Restrict access to such data only to your business's most trusted employees. Promptly change passwords and other access protocols so that employees leaving the company can no longer get into the company's electronic files.

• Work Only with Trustworthy Vendors: Screen potential vendors carefully. Share with them only such data as is absolutely essential to their interaction with your company and its customers. Include a provision in all contracts with vendors that requires them to advise you immediately of all security breaches in their systems, even when such breaches don't appear to have compromised your data.

• Have a Response Plan Ready for Emergencies: Don't wait until your company's sensitive data has been compromised to begin planning how to deal with the crisis. Plan ahead so that you know what steps to take if the worst should happen. SBA suggests that companies immediately disconnect compromised computers from the Internet. Consult with your attorney in preparing a list of parties that should be notified of data security breaches. Such parties might include law enforcement agencies, customers, banks, credit bureaus, and other companies that might be affected by the security breach.

As hard as you work to protect your customers' sensitive data from those who would misuse it, criminals are working just as hard to find new ways to penetrate the layers of security you have in place.

To stay one step ahead of the bad guys, it's essential to stay up to date on new data security technologies so that you can take advantage of them as they become available.

 Feedback   Submit Article