Why the FTC Ruling on Cyber Security Affects Every Business Owner

In late August, the United States Court of Appeals for the Third Circuit unanimously affirmed the Federal Trade Commission’s (FTC) power to regulate cybersecurity under the unfairness prong of the FTC Act (15 U.S.C. §45).FTC v. Wyndham, Case, No. 14-3514. The ruling states businesses must have cybersecurity protection for their customers or be subject to fines. This ruling is especially important for those businesses who keep customer data such as financials.

Philadelphia judges ruled 3-0, giving the FTC the authority to sue Wyndham Worldwide, for cyber breaches in 2008 and 2009. In this case, over 619,000 customers had their personal financial information endangered. It has been reported that more than $10 million of fraudulent charges came after.


FTC, 2012. Photo by Diego M. Radzinschi/THE NATIONAL LAW JOURNAL.
FTC, 2012. Photo by Diego M. Radzinschi/THE NATIONAL LAW JOURNAL.

The FTC argued that Wyndham Worldwide was guilty of numerous unfair practices. Not only was Wyndham not storing their payment card information in a safe manner, they were also using easily guessed passwords in their property management systems. The FTC stated that the business lacked cyber security policies, including prevention and incident response plans.

Companies really need to think about the following 5 things when it comes to their cyber security, lest they be subject to fines and headaches:

  1. Businesses should analyze their data and how they collect it, use, and store it. This is especially important for businesses who withhold financial information.
  2. Is the business taking reasonable steps to secure their data? Are they limiting administrative access, assigning secure passwords, limiting access to the network, and regulating access to data?
  3. Companies need to compartmentalize the network and oversee who’s trying to gain access. Firewalls and intrusion detection mechanisms need to be in place to prohibit cyber criminals from gaining access to your network.
  4. Do my service providers offer me cyber security measures? Companies need to do their research on what is offered by their service provider when it comes to information security risks.
  5. What procedures do I have right now that are keeping our security up-to-date? Frequent updates and patches to software should be priority, ignoring these things or going into denial about cyber breaches does not do anyone any good.

The bottom line is, any company that has experienced a cyber security data breach is required to take proactive measures to avoid future breaches. If a company does not take some sort of precautionary steps, they will be subject to fines by the FTC.

And it doesn’t stop at fines. A business can lose their reputation, the trust their customers and clients have given them, Even after all of this, it is still not done. The doors have been opened for class action lawsuits. The years of time and money that have to be spent to deal with the fallout of a cyber security data breach is a huge inconvenience and there’s no guarantee that a business will even be able to continue to stay open. Axiom Cyber Solutions can help businesses of all sizes stay safe from hackers.

Data breaches will continue to rise and will evolve with new social and technological attack vectors. It’s important for any organization or individual with sensitive data to exercise caution and deploy best practices in securing your network. Axiom’s solutions come in different sizes and all of our solutions are designed to deal with the attack vectors of today while being adaptive and flexible enough to continue to secure your network for years to come.

For more information, check out our website at axiomcyber.com or give us a call us at (800) 519-5070. #FightBackWithAxiom

About the Author