Five Takeaways from Recent Data Breaches

Target. Michaels. Neiman Marcus. University of Maryland. All victims of major data breaches in the past few months. While all of these organizations were breached in different ways, they can all offer business owners valuable lessons on how to proceed when a breach occurs. Here are five takeaways IT security expert Mark McCurley offers:

1. Be prepared to respond quickly when a breach occurs.

• In Target’s case, a security blogger broke the news of the breach, which led to confusion from customers.

2. Sometimes, hackers are not the only ones responsible.

• A former employee recently stole more than 50 laptops from Coca-Cola, proving that third parties are often not responsible for major breaches.

3. Make sure you have policies in place, and enforce them.

• A hotel and restaurant management company was recently breached, but it took over nine months for the security hole to be discovered. Policies should be in place to regularly monitor your network and audit your company’s security.

4. Keep track of vendors, guests and other visitors to your business.

• The Target breach probably began due to a shady HVAC contractor who worked for the store. Make sure all visitors, contractors and others sign in when entering the premises and that they are being watched, either physically by other employees or by security cameras.

5. Different types of breaches call for different response tools.

• Target customers were offered credit monitoring after the breach, but this method probably wouldn’t be very effective, as it isn’t likely to catch fraudulent use of already-existing accounts. In this case, customers should be alerted to watch their own accounts for suspicious activity. In the Coca-Cola breach, credit monitoring would be a wise choice, as it is not guaranteed that any credit accounts were actually breached.