You have probably received a letter from a merchant or credit card company advising you that your personal information may have been compromised by a data breach. Perhaps even the company you work for or, if you own a business, the company you run, has been victim to cyber theft. Possibly you have even suffered a surprising political defeat because the private email server tucked away securely in your basement was hacked by Russians.
Cyber-crime is rampant and growing. Over half of Americans have directly felt its effects. While the law tends to protect consumers when these things happen, such as imposing loss limits for fraudulent or unauthorized credit card charges, it can do little to restore your privacy, make up for the time and frustration of recovering from a hacker, or alter the returns of a national election. The best option is prevention.
As a consumer (or future presidential candidate), you can do several things to keep your private information safe besides paying cash for everything, which is a bit impractical for most of us.
First, consider NOT allowing on-line merchants to store your credit card information. True, you will need to reenter information when you purchase on-line but it seems a small price to pay.
Second, create passwords that are NOT the word “password”, are not your birth date or a family member’s DOB, and are not less than six characters long. Select an unforgettable nonsense word with random numbers and a symbol, like 9fritzwicket6$. I have no idea what a fritzwicket is but I have 9 of them and paid 6$ with the $ sign on the wrong side!
Third, don’t open links and attachments on emails or click on website links unless they come from or are a trusted source. I have heard that the campaign manager of a former presidential candidate once clicked on an email link he shouldn’t have and it lead to a number of unforeseen, somewhat negative consequences for the campaign.
Fourth, before you purchase software or hardware, ask the seller about security. Manufacturers for too long have overlooked it. Consumers need to demand secure-to-market products or shop the competition instead. There are responsible companies developing goods and services with built-in security and privacy. The cost may be a little more but consumers can encourage these companies with their pocketbooks (or e-payments).
Fifth, if you are a victim, react promptly. Contact the local police and complete a crime report, call your bank, your credit card companies, the credit bureaus, and the Social Security Administration. They all have procedures and will know what to do.
And finally, if you work for the U.S. Government, follow the law by using an official government email and government server for your correspondence instead of the one in your basement.
As a business owner, you need to understand and reasonably manage the risk. For certain you had best get an incident response plan (IRP) implemented and properly tested. If you want/need cyber insurance you may be out of luck going forward unless you have an IRP. Without the protection of insurance, you are prey for plaintiffs’ attorneys that circle the American business landscape like hungry vultures in search of a fresh carcass!
Be cognizant of industry standards and legal requirements for your type of business. If you deal with consumer information, private or confidential data, financial data, health care information, and the like, get a security audit by a reputable company. Ensure you have the best firewall, encryption, real-time monitoring, anti-penetration protocol, and other measures to keep data secure. It will cost some money but compared to the price of cyber extortion it is worth every penny.
If a breach does occur act quickly and proactively. Show your customers you care about their privacy and security even if you believe they were unaffected by the breach. The law may very well require you to notify consumers so they can be alert for unauthorized activity against them. Don’t be one of those companies that makes the news because it tried to hide the cyber attack and its own unpreparedness or stupid mistakes that allowed it to happen.
September 2016, the Federal Trade Commission (FTC) released a Data Breach Response guide for businesses. (Hopefully, the FTC offered the guide to itself and its fellow agencies as there are several that have been hacked!) You can find it here:
And if you are really excited to learn more about cybersecurity, you can read the recently published report to President Obama from the Commission on Enhancing National Cybersecurity:
Be safe out there in cyberland!