Serving Canada's Home Improvement Industry

Retailers, Wholesalers, and Manufacturers of Hardware, Building Supplies, Kitchen & Bath, Paint & Decorating, Lawn & Garden, and Other Allied Products.

title image

Articles

Protecting Against The Threat Of Data Thieves

computer with chain and padlockBusiness owners are well aware of how to protect from a physical break-in; however, when it comes to electronic attacks, many organizations fail to fully understand the risks or ignore the potential threat all together. With corporations such as Honda and Sony recently falling victim to fraudsters, businesses big and small are beginning to realize the need to keep customer data out of the wrong hands. Having an established protection plan to safeguard against a massive data breach is a critical objective that should not be overlooked, says Dwight Rogers, senior product manager at Equifax Canada, a provider of credit information, risk management, and identity services.

When dealing with sensitive consumer information – including personal and financial data such as addresses, passwords, and credit card records – businesses should be aware of the inherent risks they are up against.

No Need To Be Paranoid

"Organizations need to realize from time to time, breaches do happen," says Rogers. "It is the nature of being in business. I have not in my career seen a year or even a few months go by without a data breach, whether it is two or three or a million names or a customer or a piece of information." There is no need to be paranoid, but Rogers says the likelihood of hackers penetrating networks and accessing private information is a common threat in today's business world. With a proactive system in place, an impending disaster can be greatly minimized.

Electronic files are highly sought-after for their wealth of personal information. Consider all the human resources files, accounting information, customer and vendor lists, and financial records a company could have on its servers at any given time and it is a jackpot for would-be data thieves. These documents are full of sensitive information which can be exploited for personal gain. A breach in company information has the potential to cause serious financial damage to customers whose data has been exposed. If nothing else, a security breach will almost certainly cause a public relations nightmare, perhaps tarnishing the brand's image forever. Having the right measures in place ahead of time will require the company to spend additional resources and money in the short term, but an investment now can protect business reputation and customer satisfaction for years to come.

In the past, companies have reacted to data breaches by simply sweeping them under the rug and keeping their fingers crossed that the situation stays under wraps. Rogers says organizations often make the big mistake of ignoring the non-quantifiable costs of a breach – the PR fiasco, customer attrition, and the decline of employee morale – which can sometimes be far more detrimental than costs associated with fixing the data breach. Nowadays the risks are too high to be left to chance and organizations are beginning to understand the need for instant action.

Companies are advised to reach out to credit reporting agencies almost immediately to engage in a solution and notify customers whether, and to what extent, their information was exposed. "Work out a strategy to communicate via telephone, mail, or eMail to the impacted customers and briefly recap the incident and outline the steps taking place to resolve the compromise," Rogers says. Customers will no doubt be in distress with the news that their information may have been breached, but the speed and effectiveness of response can help to overcome some of the concern.

Once customers have been alerted, the company must take corrective action and address the shortfalls in their system. Some companies may choose to bring in outside security consultants to work with the IT department and assess how security levels can be improved.

Common Mistake

A common mistake many employers make is granting unnecessary data access to employees. Rogers says having security levels in place that restrict the quantity of information available to staff can minimize exposure if a system is compromised. Keeping all software up-to-date and data backed up on secure servers is also a good plan of action. These preparations would no doubt be much better served before the onset of a breach, but will be important steps to get the business back on track and avoid future issues.

Companies can also provide customers with advice for protecting their personal and financial information online before and after threats. The number one tip is to avoid using the same password for all online accounts. "Make sure to have good, strong passwords and avoid using the same for banks accounts as for other important accounts," says Gloria Baran, senior fraud consultant. Taking the time to check bank and credit card statements closely, not just when the statements arrive each month, but every few days, also can catch any unusual transactions before they become major situations. Baran also recommends advising consumers to check their credit reports regularly with credit bureaus to ensure unusual inquiries or accounts have not been opened.

As the history of data security threat proves, what happens once will almost always happen again. With knowledgeable staff, secure policies, and common sense, businesses can easily protect sensitive data and respond swiftly to any potential threats.

Home Improvement Retailing Staff