What is the “hot topic” at retail this year? Is it the latest X-box? Are people buzzing about new tablets, smartphones, flatscreens and cool headphones? Thanks to Target Stores, cyber security and data breach are the popular items being discussed this year are POS systems and magnetic strips.
For several weeks beginning with “Black Friday,” Target Stores suffered a major data breach that exposed the personal data of roughly 40 million consumers. Many are quick to admonish Target Stores for deploying inadequate data security measures, but let’s look at this through a more pragmatic lens. If this type of breach can happen so pervasively to such a large company, one so heavily invested in credit card data protection, it can certainly happen to your business. As a matter of fact, a recent study by the Ponemon Institute, a Michigan-based data protection research organization, reveals that 55% of SMB’s have experienced data breach – and half of those more than once!
We need to start adjusting to the realization that we truly cannot stop ALL breaches. The level of data theft sophistication is as high if not higher than even the most advanced security measures. What we can do is prepare by putting strong integrated protections in place to minimize risks and mitigate the damage of data breach. Strategies that raise the cost to attackers trying to get at our sensitive data will also reduce the probability of attack.
It all starts with intelligent, diligent preparation:
- Identification- clearly identify what sensitive data is being stored, processed and handled…and where.
- Protection – review how this information is being protected end-to-end in your organization and third party companies that handle your information.
- Mitigation – identify weaknesses in your data security protocols and programmatically mitigate them.
- Policy – ensure that good governance is in place including all policies and procedures for handling data.
- Implementation – define data handling requirements and correctly implement excellent products that meet those requirements.
- Management – provide regular internal analysis and vulnerability checking. Supplement with objective, third-party reviewers.
Data thieves are unrelenting — you need to be too. Having the right data security strategy in place will protect your business by reducing the probability and the impact of a breach. Be a strong custodian of your customers’ sensitive data and ensure that it is being strongly protected. If your business needs a starting point, contact Rick Dreger at WaveGard and we’ll set you on the right path.