Corporate retailers including Home Depot, Target, Michaels, Dairy Queen, and Kmart have all been victims of security breaches, and are still feeling the aftereffects. In addition to the financial repercussions, even mainstream brands suffer from diminished trust when customer data is compromised. This trust can be difficult to rebuild, and the negative effects are often even more pronounced for small- or medium-sized businesses.
Companies need to secure their information in a way that makes sense financially. “It doesn’t make a lot of sense to secure a million dollars’ worth of information with $10 million worth of security,” Trustwave Vice President of Product Management Josh Shaul said in an interview.
Common-sense security measures should be in place for all data, and this begins with a general risk assessment. “You’d be shocked to find out how many companies are storing data, but the compliance and the risk and the security people don’t even know that that data’s being stored,” Shaul added. After areas of weakness are discovered, businesses can adopt new practices and procedures to protect against potential threats, such as installing intrusion detection and prevention technologies, anti-malware controls, and Web-application firewalls, and modifying network access controls to prevent unnecessary access. Some businesses may choose to work with outside experts responsible for installing, monitoring and updating their technologies in response to new potential threats.
Financial information must be retained in order to comply with government regulations, and many businesses choose to store additional information, or save data for a longer period of time than required, if legally permitted.
Extra steps can be taken to secure data that’s currently dormant, but saved in case it’s useful in the future. “If nobody needs to access it, then there’s no reason not to encrypt the heck out of it and make sure that it’s really, really hard to get at,” Shaul said. Because the data is dormant, it can be protected securely in a way that would be inconvenient for information that needs to be accessed regularly. Dormant data can be protected by strong encryption, and locking away the encryption keys in a place that’s very hard to access.
- What eBay Can Teach Us About Security Breaches
- IT Security Job Opportunities Growing in a Dangerous World
- Senate Grills Target on Lax Security
Image: Maksim Kabakou/Shutterstock.com