
‘Tis The Season For Cybersecurity Breaches

December 9, 2014

For most retailers and businesses, the holiday season is the busiest – and most profitable – time of year. With it, however, come more opportunities for hackers to attack. From email addresses to credit card information, hackers can obtain an array of customer personal information (PI) through cybersecurity breaches. In some cases, this can lead to stolen credit cards and financial information as well as identity theft.
 
Last year, major U.S. retailers, such as Target, Neiman Marcus, and Michaels, reported cyber-attacks, which affected millions of customers. The retail industry accounts for 36.3 percent of all data breaches in 2014, according to SafeNet Inc.'s Breach Level Index, which tracks breaches.
 
In 2014, dubbed by many as "The Year of the Data Breach," analysts warned that cybercrime is on the rise, especially during the holiday shopping season; and that several retailers and businesses will inescapably fall victim to breaches. As such, retailers and businesses need to take the necessary precautions in order to help prevent such occurrences.
 
1. Know the Facts and Assess Risk: First, retailers and businesses should learn about the most common ways data breaches occur, and learn how to mitigate risks. They should also ask themselves, 'What PI do we have to protect?' Consult with a cyber-security specialist and have a cyber-risk assessment performed on your systems. This will help ensure that all customer PI and data is protected.
 
2. Create Policy: A policy should be created that prohibits employees from downloading executable files via the Internet, using networking sites or unsecure websites.
 
3. Train Staff: All employees should be educated on the importance of protecting the information they regularly handle as well as company cybersecurity rules in order to reduce risk. Passwords and sensitive data should not just sit on employees' desks for prying eyes to see. Understanding how malware is introduced into your network is critical to avoiding inadvertent network compromise. What's more, penalties for violating the rules should be clearly outlined and detailed.
 
4. Work with Vendors: Some vendors can be the weak links in cybersecurity. To ensure that all vendors are secure, retailers and businesses should add cybersecurity requirements to vendor contracts and ensure with routine audits that they are being properly implemented and followed.
 
5. Protect Your Network: All retailers and businesses should use appropriate firewall and antivirus technology, and make sure that security software is up-to-date. They should also regularly scan their network and web applications for vulnerabilities. New forms of malware are being introduced on an hourly basis. Ensure that your software is routinely updated and backed up to protect against new and emerging cyber threats.
 
6. Limit Public Wi-Fi Use: Policies should be established that clearly communicate how employees are to use public Wi-Fi. If the use of public Wi-Fi is necessary, it should be very limited and important data should not be shared. Consider separate "internet cafes" which do not access the internet through servers containing sensitive information.
 
7. Develop an Emergency Plan: In case of a breach, businesses should have a clearly articulated response plan to follow on how to manage the situation and to continue meeting customer demands. The plan should include which employees are responsible for managing the situation, what action should be taken, and when to inform the insurance provider. Most states have breach notification laws which require a business to identify and notify its customers whose records have been compromised. It is critical to involve counsel once a breach has been determined to serve as the "quarterback" of the response and to ensure that all laws are being followed to prevent incurring significant fines and damage to the "brand". Contract with your outside data breach vendors before the incursion and prepare for a breach before it happens.
 
8. Consider Insurance Coverage: Retailers and businesses should consider obtaining cyber insurance. Many cyber liability policies can include coverage for a forensic investigation, litigation and remediation of expenses associated with a breach. In some policies, coverage may be included for regulatory defense expenses and fines, crisis management or public relations expenses, business interruption, identity restoration and cyber extortion. A typical cyber policy, depending on the business, raises the cost of the property and casualty policy about 20 percent.
 
This article was written by Theodore M. Schaer and published in the Philadelphia Business Journal Blog. 

 


© 2019 Zarwin Baum DeVito Kaplan Schaer Toddy P.C.