What do Target, Neiman-Marcus, and Michael’s Stores all have in common? Besides being major retailers, they’ve been in the news in recent weeks for suffering massive data breaches. The Target one alone impacted up to 100 million consumers, with the company saying it feared that the breach left their customers’ credit card information – including PIN numbers – open for hackers to steal. Ditto for Neiman-Marcus and then most recently for Michael’s, though on a significantly smaller scale than Target.
Hackers are becoming more sophisticated every day, and while the most newsworthy events are the ones targeted toward big retailers, data thieves actually don’t discriminate by the size of the companies they go after. According to Symantec, a security solutions firm in Mountain View, CA, attacks on small businesses with less than 250 employees doubled in 2012, making up 31% of all business attacks. Further, the company estimates that those data breaches against smaller companies increased again in 2013 by at least another 20%. “Attackers no longer spam at will,” says Steve Durbin, global vice president of the Information Security Forum. “They are increasingly targeting – learning the habits and preferences of their potential targets to better tailor malware to the intended audience. There’s little chance that this threat will diminish, and more targeted attacks will make it difficult to track, analyze and protect against them.”
Indeed, now is the time to guard your data as closely as possible. Experts say companies should be creating data-collection policies (how long you store clients’ credit card information in your network, for example) and encrypting all of your data so it’s not easily reached by hackers. In fact, any data not encrypted is vulnerable, says Tsion Gonen, chief strategy officer of SafeNet, a data protection firm based in Belcamp, MD. “By not encrypting data, all data is vulnerable to people coming in via electronic means or even walking in as part of a cleaning crew,” he says. “Small businesses tend to not look at things like that.”
The other thing that companies today are – unfortunately – tending to ignore is the education of their employees when it comes to data collection and the potential of breaches. While many companies focus so much on encrypting data and protecting their networks, ultimately it’s actually employees, not just their devices and software, who are the weakest link in a company’s security defense. Not because employees are looking to breach security from within. But more because employees often unwittingly click on an unsafe link or use too simple a password or connect to the company’s network through too many different mobile devices. “A lot of these hacks you read about start with someone double clicking on a mail attachment or downloading something from the Web that they’re not supposed to,” says Gonen.
The time is now to educate employees and build a concrete wall around your data – before the increasing number and dexterity of hackers impacts your organization like it has so many others already.