If your business were to be hit by a data breach, would it survive? Learn how to prevent insider threats and protect your customers' data.
PCI (payment card industry) breaches are everywhere, and they're not necessarily due to external hackers. Many of the top breaches occurred because of internal data leaks due to employee negligence or malicious insider jobs.
Whatever the cause, the damage to any business, regardless of size, can be crippling. Take Home Depot's latest scandal, for example. It reached a settlement after its massive data breach exposed the email addresses and credit card details of more than 50 million customers. In addition to the $19.5 million it has already paid out in compensation, the home improvement retailer will pay an additional $25 million.
While these are staggering sums, a more pressing question arises: Can one really put a price tag on consumer privacy, security and trust? You can refund credit card charges and repay damages, but recovering your company's reputation may prove to be far more difficult. And, while Home Depot, as a major corporation, will weather this financial storm, should the same type of financial penalties be levied on a small business, it would most likely be catastrophic. A recent study indicated that 60 percent of small companies that suffer a cyberattack of some kind go out of business within six months.
Customer trust – more than a dollar figure
Companies spend millions of dollars annually to gain and win over customer trust. The one-on-one, personal service and touch that small businesses provide to consumers is a key differentiator and competitive advantage compared to large corporations. However, once that trust is broken, it’s not so easily repaired. Consider the following:
- According to a Global Internet Report, approximately 60 percent of consumers said they would not be able to trust a company once it had been breached.
- Three-quarters of consumers said they trust companies less now that data breaches are so frequent.
- Nearly 4.5 million records are stolen each day.
With so much theft occurring, it is difficult for customers to place their faith in credit card companies and ecommerce sites. Businesses today need to take a proactive approach to protecting customer data, both inside the company and externally.
Dealing with the problem
Within the retail industry, a sectorwide security policy known as the Payment Card Industry Data Security Standard (PCI DSS) has been instituted to establish credit card safety best practices. The PCI DSS standards were drawn up by five of the major credit card companies, including American Express, MasterCard, and Visa, to ensure that credit/debit card data remains secure in the hands of commerce merchants.
Some of the more important internal security policy points and regulations include:
- Implement tiered access control. Tiered access control allows only those employees who need to access data to see the information. This way, sensitive information is only handled by individuals in higher positions who are more accountable.
- Ensure accountability. Utilize user ID tags for anyone with computer access. This allows company executives to know exactly who accessed what information and when.
- Continuously monitor and track all network activity. Employee monitoring has been shown to be one of the most effective ways of thwarting internal threats. Monitoring software allows you to silently track all network activity so you can see when anyone has connected to your network as well as what they are doing there. Suspicious behavior is flagged, and managers are alerted immediately.
- Maintain strict security policies within your organization. Employees need to know security protocols, and these procedures must be enforced and taken seriously in order for them to effectively curtail data leaks, intentional or otherwise.
Regain consumer confidence with an unwavering commitment to security
By implementing these carefully structured security policies, businesses can help better protect consumer payment information, cutting down the risk of data leaks by over 90 percent. With the right approach and safeguards in place, even the smallest business can be as safe as (or in many cases safer than) enterprise-size businesses that have fallen victim to data breaches.