Data Security: Don't Be the Next "Target"

  • Thursday, March 06, 2014 2:11 PM
    Message # 1512058
    Deleted user

    What Southwest Florida Businesses Can Learn from the Target Data Breach

    With the infamous Target stores data security breach over the holidays still in the news, Southwest Florida business owners and technology leaders should be asking themselves if their customer information is secure.

    Regardless of whether you have 40 customers or 40 million customers (the number of debit and credit card account numbers that Target allowed to be exposed), a business has a responsibility to protect sensitive information.

    For example, a small, 1-4 person mortgage broker office in Estero, Florida has just as much accountability to protect customer information as a huge company like Target. Fortunately, large companies can absorb the cost of fixing the problem. The difference is that in the event of a breach, the civil and possible criminal liability that the small business owner faces could easily put them out of business (and leave their employees without a paycheck).

    “Local small businesses aren’t necessarily at risk like Target was," according to Chris Armstrong, owner of Phix Systems Group in Naples, Florida. "Target uses their own data centers to process and store customer data and information, whereas small businesses use credit card terminals, square or 3rd party processors to process their credit cards which carries the risk and holds the PCI compliance.  Only customers who are storing credit card information within their systems are at risk and if so need to be careful and follow the strict PCI compliance rules.  Services such as Trustwave.com offer a monthly scanning service for vulnerabilities on a client network which would allow for a server to be hacked and information stolen."

    In June 2013, the Southwest Florida Regional Technology Partnership hosted an expert panel of data security experts from Fort Myers and Naples. George Faucher, President of CorreLog Software warned that “thirty percent of threats are insider.” All the highlights from that event can be reviewed in our article "Data Breach - Not If, But When.

    More than two million credit and debit cards have been replaced by JPMorgan as a result of the Target data security mess. "More Target-sized security breaches will happen if banks and retail stores don't start working together to further protect customers' data," JPMorgan Chase CEO Jamie Dimon said. Citibank is following suit and proactively reissuing all cards to its affected customers.

    All in all, Target is doing its best to proactively communicate with and assist its customers and hold itself accountable for the problem. They quickly launched a data breach website (in both English and Spanish) dedicated to the security breach with answers to commonly asked questions and links to the major credit bureaus. There is an apology letter from Gregg Steinhafel, chairman, president and chief executive officer, stating "...it is our responsibility to protect your information when you shop with us. We didn’t live up to that responsibility, and I am truly sorry."  Also, Target has offered one year of free credit monitoring.

    Armstrong advises, "if it is a requirement of a small business to keep credit cards on file, it is important that your network be protected with a strong antivirus on every computer on the network as well as a good router.  It’s also important to make sure passwords are strong and changed every 90 days and are alpha numeric in addition to using symbols and capital letters.  The other option is to keep a partial record of the information, meaning information can be kept on the computer all except for the last 4 of the card and security code and a paper record is used on site to access the remaining information.”

    Small business owners can look to Target as a model for reacting to a problem should one arise. Although there is never 100% guarantee of preventing a data security issue, there are basic steps every business should take to protect important information. Virtually all businesses have a website.  Who is responsible for implementing security updates to your website? "All of our website hosting clients can sleep well knowing that their websites are getting ongoing security updates," advises Janyer Dominguez, Director of Web Development at iPartnerMedia.com in Bonita Springs, Florida.

    Regardless of whether a business is run out of a home office or in fancy Class A space, data security affects everyone. Understanding potential risks, having a plan to protect against risks and knowing what to do in the event of a breach are non-negotiable for business owners. The worst thing to do is nothing. 

    Last modified: Thursday, March 06, 2014 2:12 PM | Deleted user

Connect with SWFRTP.org
your site to be "in the know" about Southwest Florida's Technology Industry

Contact us: Info@swfrtp.org

Powered by Wild Apricot Membership Software