Protecting Your Business
The month of December was not a good month for data security. We personally received a letter from our insurance company, Horizon Blue Cross Blue Shield of New Jersey, stating that two laptops were stolen from their facilities which may have contained our names, Social Security numbers, and demographic data. There was also a breach of financial information affecting 40 million shoppers at Target, and an undisclosed amount from Neiman Marcus, both of which prompted the banks to either issue new debit cards or begin closely monitoring card usage for possible fraud.
In regard to Horizon Blue Cross Blue Shield of New Jersey, while the laptops were password protected, the data was not encrypted, and so the information from the hard drives was easily taken. A security protocol requiring all clients’ information to be stored in an encrypted fashion should immediately be implemented and shared as best practice with other insurance agencies.
With financial information, it is difficult to stay ahead of the curve, since the data being handled is in high demand on the black market. The breach at Target included two separate aspects: one that took information from the Point of Sale (POS) system, and another that took client information from their database. While I understand why Target is not sharing explicit details of the method the hackers used to steal the information, it is imperative that this information is used to create new ways to secure consumers’ data and shared as best practice with all card processing companies, banks, and retailers.
It is extremely important to remember that while you hear of large data breaches, more insidious and damaging are the data breaches that occur in small businesses. While such a breach may not affect as many consumers, you can bet it is infinitely more damaging to your business and reputation than to a larger company. Even if you are like most companies that have legal protection and user policies, the loss of your consumers’ confidence will be difficult if not impossible to overcome.
A majority of small business owners think “a hacker wouldn’t try to get my information, I am so small and don’t make as much money or have as many clients as (insert large chain store name).” What is not considered is that hacking programs do not see the size of a company. They simply see an internet address and try to see if they are able to gain access. One of my friends described it like this: imagine a hotel with a lot of doors, and each door is an access point into a different company. From the hallway (internet), you can’t see what is behind the door, and all of the doors look the same. A program is simply told to try to open the door and enter any door that is unlocked. Like any good program, it will continue until told to stop. This is why it doesn’t matter if you are in an economy room (small business) or luxury suite (big business): the program is going to try every door in the hotel to see which ones are open.
So what should you do?
- Look at what type of client information you store electronically.
- Create a Security Policy to define who has access and from where.
- Ensure you have antivirus, a software firewall, and a hardware firewall installed and updated on your systems.
- Sensitive client information should be stored in an encrypted format and backed up offsite in encrypted form as well, ensuring the host does not have an encryption key.
- Train employees on procedures outlined in the Security Policy.
Nina Johnson is the Chief Business Officer of Singularity LLC, a Concierge Technology Services Firm, serving Northern New Jersey and Manhattan. Singularity’s mission is to empower small businesses’ growth and security through technology.