It seems like we can’t go a week without news of a data breach affecting a major company: Target, Home Depot, Yahoo (all 3 Billion account holders), HBO, Equifax (3 times), Deloitte, Sonic, Whole Foods. With the prevalence of personal information being exposed and stolen, people often wonder should we just get used to having our data breached? Should we get used to the fact that cat photos on Facebook are more secure than our social security number?
In short, no! We should never simply accept that the companies are not responsible for the security of the data they collect about us. We should be upset when our data is breached and demand action so that companies begin to take data security seriously. And one of the worst things about data breaches is that nearly all of them end up being far worse than initially reported.
The Equifax hack occurred because the company failed to install a patch for vulnerable systems for over six months after the patch was released. The Security & Exchange Commission (SEC) which ironically issues regulations telling other companies to clean up their technology infrastructure and can fine them for failing to take the necessary cyber-security measures suffered a data breach of its “Fort Knox” system called EDGAR which companies use to file all the important stuff about the business like quarterly earnings, merger & acquisition, IPOs, market news, and more. And Deloitte’s email administrator failed to secure his/her account with two-factor authentication and hackers were able to get in with privileged, unrestricted administrator access and steal millions of email records, many with sensitive information.
With the onslaught of lawsuits and regulatory inquires against Equifax will teach businesses anything, it is that our lawmakers and the people they represent are tired of having their data compromised and soon we can hope there will be real, tangible changes in how businesses consider data security. In its most recent shareholder packages for at least five years, Equifax did not mention data security once as a company priority. This must change and any business that collects personal information must be serious about the protection and should they fail, there must be repercussions because the theft of data can lead to real harm to individuals.
The news of the credit card data breach at Sonic has made many wonder, how are credit cards still getting hacked? The credit cards themselves are fairly secure but when the point-of-sale (POS) system used to process the credit card transaction is compromised, there is little the new chip technology can do to protect the consumer. USA Todayattributes part of the problem to the increase in the use of technology by businesses without the budget and skillset required to secure those new internet-connected POS systems. Companies need to ensure that they not only invest in the new systems but also hire the technical staff or find a trusted partner, like Axiom Cyber Solutions, to ensure that the POS systems are properly protected. Companies that take credit cards need to consider PCI requirements and ask the question, “If I get breached and lose the ability to take credit cards, can my company survive?”
Don’t get used to having your data breached. Demand that businesses protect your data and encourage your lawmakers to consider new legislation that would allow regulation of data security standards and penalties for data breaches.