Data Breaches Explained and How to Protect Your Business
When we think of threats to our business, we often think of intangible things like competition or tangible threats like theft of cash or merchandise. However, the threat of a data breach is much more serious than the threat of competition or even theft of cash or merchandise.
In recent years, we have heard numerous reports of large-scale data breaches or hacks that have impacted millions of consumers. From the major Target Corporation data breach during Thanksgiving of 2013 to the more recent Equifax data breach of 2017, these breaches are devastating to both the business and the consumer, as their impact can be felt for years to come. Keeping your business’s and your consumers’ data safe should be your number one priority. Keep reading to learn more about data breaches and how to prevent them.
What Is a Data Breach?
A data breach occurs when criminals gain access to and view, steal, and/or use sensitive or protected data.
Data breaches can vary greatly in the nature of data but can include:
- Personally identifiable information, such as
  - Social Security Numbers
  - Health information and records
- Intellectual property
- Trade secrets
- And much more
The most common conception of a breach or hack involves an attack by a hacker on some kind of network to steal sensitive data. This can occur when a remote hacker exploits vulnerabilities at some point in your company’s network. These vulnerabilities can be in your data storage protocols, through your website (as was seen with the Equifax data breach), in your payment system, via phishing scams of third-party vendors, etc. Oftentimes the goal of these data breaches or hacks is to gain access to credit card or banking information for unauthorized purchases. However, with enough information, thieves will often attempt to steal the identities of consumers. Consumers’ identifying information is then often sold on the black market to other hackers and identity thieves.
Although remote hacks may come to mind when thinking of data breaches, there are actually a few different types. For instance, if an unauthorized person happens to view sensitive or protected information over the shoulder of an authorized person, this is considered a data breach. In the healthcare industry, sensitive patient information is governed by HIPAA (Health Insurance Portability and Accountability Act), which regulates who can view and access sensitive information. In the payment processing industry, the security of personal information such as credit card numbers and PINs is held to a high standard such as PCI DSS (Payment Card Industry Data Security Standard). If any person who is not authorized to view sensitive information gains access to said information, the company’s network has experienced a data breach.
Data breaches can end up being costly for everyone involved. Consumers can spend years dealing with the fallout from identity theft, while your business may suffer regardless of whether or not the data breach was within your control. Your business could spend an enormous amount of time dealing with lawsuits, audits, fines, paperwork, etc., not to mention the loss of customers that can occur after a large-scale data breach.
How to Protect Your Business and Prevent Data Breaches
Fighting data breaches and hacks may seem like a never-ending battle, as criminals seem to always be a step ahead and become more sophisticated with every technological advancement, but there are ways to protect your business.
- Only use PCI DSS compliant payment processing, and pick a payment processor that is up to date with data security standards
- Ensure that all of your employees and third-party vendors have limited access to sensitive or protected information and that they only have access to the information needed for their position
- Make sure that your network and IT platforms have the most recent updates installed, are following protocols, and have up-to-date virus protection and scanning
- Have regular security protocol assessments and address any security issues that may arise