“Companies must be proactive and try to prevent data breaches”
Safe and Sound 11/03/14 By John L. Barlament
The rampant problem of hackers targeting companies to steal valuable, confidential data is only getting worse. As the headlines indicate, the list of companies affected by these breaches seems endless.
Although it often appears as if retailers are the hackers’ main targets, the reality is that all organizations are at risk. Companies that once thought they were safe from attacks because they didn’t handle credit card information or weren’t retail-focused are just as vulnerable as retailers. All companies store valuable information that today’s sophisticated hackers want – and in fact, the non-retailer systems can be a door or a window into another company’s system.
Now more than ever, it’s critical that organizations are proactive in securing their systems. Not only can that help prevent the breach of its data, but can play a factor in protecting other businesses’ processes as well, which often carry a high value on the black market. There are a couple of initial steps that companies can take toward protecting their businesses.
First, companies must assess the information they own and store. All too often, senior management doesn’t fully know about or appreciate the extent of the information the business collects and stores. Time and again, business people discover that there’s much more going on than they knew about.
Secondly, they must determine the security the company currently has in place for protecting the information. In addition to asking, “What data do we have?,” they should also ask: “Are these security measures appropriate for this data? Is security up to date? How easily can our security be breached?”
Because internal business units aren’t always communicating with each other regularly, these questions should be asked of each business unit. The answer an organization gets from its IT department about the data it stores may be drastically different than the answer it gets from its human resources department. But both answers are equally important in assessing the scope of the data a company stores.
Even when companies believe they have done everything right to put the best security measures in place, there is no guarantee a breach won’t occur.
We have seen companies take great measures to ensure its data was as safe as possible from a breach; implementing appropriate policies, training its staff on data protection and obtaining certification that equipment was compliant with the PCI-DSS, only to have a vulnerability exploited and suffer a breach as a result.
At the end of the day, taking proactive measures to address data security ahead of such an incident can help stave off massive costs and a public relations nightmare that might otherwise result from such a breach. In addition, it also serves to show regulators that companies had taken appropriate steps to prevent breaches and immediately jumped into action when they discovered one. Not to mention, an appropriate response such as this helps keep the plaintiffs bar at bay. As is so often true in this space, when it comes to data security, a good defense is often your best defense.