Issue link: https://www.e-digitaleditions.com/i/480616
32 FEDA News & Views Is Your Business the Next Target? By Sam Richter sam@sbrworldwide.com M ore than 40 million credit and debit-card numbers, including PIN numbers and security codes, were recently stolen from Target Stores. If you shopped at Target between November 27 and December 15 and paid using your credit or debit card, it's likely that the bad guys now have your account information. The news media has of course made this story front-page headlines, and rightfully so. Thankfully, if you do become a vic- tim, as long as you report suspicious behavior on your credit or debit card to your bank in a timely manner, you won't be held liable for any malicious purchases. Your bank will issue you a new credit or debit card number, and outside of the hassle of re-creating all of your recurring billing accounts, your inconvenience should be quite minimal. As a consumer, you should be concerned by this extensive breach. If you're an executive at, or the owner of, a small- or mid-sized business, you should be terrified. Think about it. By all accounts, the bad guys were able to insert malware on the devices Target uses to swipe card information so that when a card was swiped, all of that information was stolen, includ- ing PIN numbers (although, supposedly, the PIN numbers are encrypted and therefore debit cards should still be secure). Target is a multibillion dollar company that most likely invests millions of dollars in security. Yet, they were still breached. How much does your firm spend on fraud and busi- ness identity theft protection? Could your company be the next victim? Unfortunately, the answer is a resounding YES. In a recent survey by Lumension Security, 40 percent of businesses reported that their firm was the victim of a target- sam@sbrworldwide.com By Sam Richter sam@sbrworldwide.com ed attack in the past year. The FBI estimates that nearly 100 percent of all small busi- nesses will be hit with a security breach at some point. How can that be? First off, it's important to remember that a breach does not necessarily mean organized crime attacking your company's computer system via sophisticated hackers. In today's world, a security breach can be as simple as losing a laptop or mobile phone because so many of our mobile devices now have access to customer and employee informa- tion. It could be the person who cleans your office walking off with employee files that include social security numbers. It could be a rogue employee stealing information from your company's database. It could even be someone swiping the hard drive from the photocopy machine you recently sent in for repair (yes … most photocopy machines have a hard drive in them that store every copy ever made). The problem is, as a company executive, sticking your head in the sand and doing nothing following a breach is no lon- ger a defense. In the past, if you lost your mobile phone, you replaced it and didn't worry. In today's world, if stolen data is traced back to your company and it was found that your company did not appropriately respond to a breach, your com- pany's executives and board members could be held person- ally liable. Just look at the class-action lawsuits Target is already facing. What do you need to do if your company is a victim? Unfortunately, the answer is not a simple one. There are 46 state laws that need to be followed—yes, if you have custom- ers or employees in more than one state, you must follow each What Can Happen if Your Firm is Hit with a Data Breach or Identity Fraud Next Target? Target between November 27 and December 15 and paid using your credit or debit card, it's likely that the bad guys now ed attack in the past year. The FBI estimates that nearly 100 percent of all small busi nesses will be hit with a security breach at some point. How can that be? First off, it's important to remember that a What Can Happen if Your Firm is Hit with a Data Breach or Identity Fraud M ore than 40 million credit and debit-card numbers, including PIN numbers and security codes, were recently stolen from Target Stores. If you shopped at Target between November 27 and December 15 and paid What Can Happen if Your Firm is Hit with a Data Breach or Identity Fraud