We keep hearing about them in the news. The numbers are astounding: 145 million user accounts compromised here, 73 million customer accounts stolen there. This year’s data breaches offer many lessons that can help companies of all sizes avoid becoming the next news headline.
What Your Company Can Learn from this Year’s Data Breaches
Lessons from Target:
- Credit card point-of-sale systems proved to be vulnerable. When fraud liability is transferred to merchants next October, we can expect to see improved security for in-person purchases due to increased use of chip-and-PIN credit cards and new payment terminals. However, this is not a cure-all: credit card breaches will continue online, so merchants and card issuers will need to find other ways to address that issue.
- Third-party vendor network access needs to be managed. Companies need to probe their vendors on their security and privacy policies, procedures and best practices. Map the locations of sensitive data, evaluate risk by vendor and build security assurances into vendor/partner agreements. Know who has access to your company systems at all times, and require vendors to have security and privacy policies and procedures in place that match or surpass your own. Taking it a step further, require your vendors to purchase and carry cyber insurance in order to indemnify your company for any costs associated with a data breach that is caused by your vendor’s negligence.
Lesson from USIS:
- Employee negligence was at an all-time high in 2014, including in the USIS data breach, ranging from not performing routine security procedures to a lack of security awareness, routine mistakes and misconduct. More companies have implemented an enterprise risk management approach, bringing together the board of directors, C-level department heads and the IT team to (1) assess security risks, (2) prioritize protective measures, (3) maintain and promote awareness of cyber threats amongst employees, (4) create and test an incident response plan and procedures and (5) explore cyber insurance coverages that could help the company survive and respond to an incident.
Lesson from JP Morgan Chase:
- Cyber terrorism activity is increasing and we are all vulnerable. Higher activity will translate into more successful hacking tools and, in turn, bigger and more successful data breaches.
Lesson from eBay:
- Educate your employees on security best practices and procedures. Social engineering attacks continue, and employees need to be reminded to be wary of clicking on links in emails.
No matter how much money companies invest in IT security technology today, breaches and cyber attacks are at an all-time high.
Big change is needed, and while newly proposed regulations can help companies prioritize their security defenses, they are not going to prevent the worst from happening.
Cyber security has not evolved quickly enough to outpace the hacking tools that are being used successfully. While there are some great “Next Generation Threat Protection” tools available today that offer threat intelligence data with real-time monitoring, companies cannot rely entirely on defense and prevention measures.
Today, companies are advised to proactively step up and create a security mission statement, a combat and incident response plan, and an enterprise-wide security awareness program that is reviewed daily, in conjunction with their defense and prevention measures, in order to keep pace with today’s evolving attacks and threats.
Let our professionals help you make the right choices about cyber insurance to protect your company or organization.