Customer accounts. Payment information. Inventory. It’s all data you rely upon and often need at a moment’s notice. Thankfully, you can access it all from your computer. But what if someone got into your information system and cut off your access? That’s exactly what’s happening in the disturbing trend of hackers intentionally blocking and holding company information hostage.
Here’s the scenario
A business hires a third-party software vendor to develop a multi-location network project. Six months after its completion, several current and past customers start reporting fraudulent activity on their credit profiles. A data security firm discovers a programmer on the project stole the company’s customer database. The company did have data breach coverage—but with a $150,000 limit. That left the company paying the remaining $400,000 in damages.
Effective data security might have prevented the unauthorized access to the company’s customer file. There were also issues with the company’s incident investigation plan, credit monitoring and repair services, customer notification system, and legal guidance, all of which delayed recognizing the problem and responding to it. The incident also left lasting damage to the company’s reputation with customers and the community.
How to protect your data
There are things you can do to help protect your business and your customers’ valuable information. Take a closer look at what you store and:
- Identify sensitive data: Look for Social Security and driver’s license numbers, as well as any health and financial information.
- Note where it’s located: Identify whether it’s electronic or on paper, how it’s used, and whether you really need to collect it or store it. If the information isn’t vital, consider not asking for it or deleting it immediately after any required use.
- Back up data: Ensure any data critical to your company is secured and copied to a separate storage site.
- Ask an expert: Have a software/hardware security expert check your system for strong encryption and authorization protocols.
- Immunize your system: Make sure your antivirus package is current and able to block attacks.
- Educate employees: Teach workers to recognize and delete potential phishing scam emails.
- Power-up passwords: Require strong user passwords and regular resets to toughen security.
- Create a plan: Develop a strategy to deal with a potential data release or theft, including how you’ll notify those affected and what credit monitoring and repair services might be needed.