Long gone are the days when data privacy was only a concern for big businesses, especially in the wake of the much-publicized Target data breach. Even though the Target breach is over a year old, that event, which impacted over 110 million consumers, is just now hitting the courts. Target and the retail industry are not alone: data breaches occur in every industry (and the government) and are far more common than you think. Just browse through Data Breach Today’s website; you may be surprised by what you learn.
As has been widely publicized, the Target data breach originated with a Pennsylvania heating and air conditioning (HVAC) business doing business with Target. What you may not know is that there is a strong indication that the breach originated with phishing emails sent to an employee of the heating and air conditioning business. The HVAC company was connected electronically to Target to facilitate electronic billing, contract submission and project management. Although the scope and extent of the breach were primarily due to Target’s internal technology infrastructure and administration, and the HVAC company has not yet been named in the lawsuit against Target, the HVAC company also could face liability if its security systems are found to be lacking.
The Target story has somewhat faded into the past, but now is a good time to reflect on it and revisit a few lessons learned from the breach:
- the increase in “smart” devices increases connectivity and the opportunity for a back door into your system;
- “freeware” security and malware protection may be robust and work perfectly as advertised, but may require you to remember to run it; you may be far better off spending the money for a program that automatically runs in the background;
- if you process credit cards, you’d better make sure you’re PCI compliant;
- if you let external parties access your network, you’d better make sure you contain their access to “need to know” or “need to access” items;
- it’s important to continue to educate and remind employees, all employees, about the danger of phishing and malware and the proper uses of email; and
- although considered annoying by users and administrators alike, it is critical that proper password protocols, including routine password changes, be implemented and enforced.
Regardless of the size of your business, you need to spend time evaluating your data and technology protocols and make sure you’re keeping up to date on the latest protection available.
For related information on why it’s important for your Texas small business to protect confidential and proprietary customer data, and tips on how to do so, go here.
Constance Hall, an experienced legal, marketing and client relationship professional, is licensed to practice law in Texas. For more information, if you have questions, or to contact Connie, email her at firstname.lastname@example.org.