No matter how popular or successful a brand is, recent data breaches occurring at several well-known consumer and social networking sites have demonstrated that no company is immune from a breach of data. These incidents caused concern not only for consumers but it can potentially also create data security issues for their employers. Although no evidence was found that user data or credit-card numbers were compromised, the concern is stolen password information could lead hackers to be able to access the business data of consumers’ employers since a majority of people use the same passwords in their personal and professional lives. Since the hacks occurred on widely used sites, security experts are now advising business IT security teams to be proactively hunting for weak passwords in their networks, conduct a full investigation as to whether company data has been compromised and enforce a policy that employees must use different passwords in their work and private lives.
These incidents serve as a reminder to businesses that a data security breach can come from anywhere and a company, no matter large or small should be proactive when it comes to its cyber security planning. In addition to password policies, other breach prevention practices like encryption and risk assessment can help protect a company from financial and reputational damages. A large retail chain is learning this lesson the hard way as they deal with a data breach when one of their stores was burglarized and thieves stole backup unencrypted electronic media that contained customers’ names, addresses and social security numbers. Like many businesses, the retailer didn’t plan for a breach through preventative measures like encryption. Sadly, many businesses generally don’t take extra steps until it’s too late and they are forced to react to a breach.
Another example of how a breach may lead to potential fraud for years is the theft of hundreds of thousands of Social Security numbers from a government agency. Although risk assessments can be expensive and aide in mitigating the risks of potential breaches, the consequences of not performing one could prove even more damaging. Had the agency done an assessment they would have discovered they were storing Social Security numbers that were not encrypted and it’s now costing the state millions of dollars to resolve the breach. A risk assessment would likely have cost only a fraction of that amount.
In this data driven world it is naïve to think that information is safe just because an entity is too big to be infiltrated. The better approach is to plan for the worst and hope that the plan never has to be implemented.