In my last blog post I discussed the importance of evaluating the risk of cyber crime in business and 5 steps to protect your company. In the news over the last couple of weeks are 2 high-profile examples of cyber crime and its effects on the victim firms’ reputation and profitability.
The first was last week, when BP (British Petroleum) announced that an employee had lost a laptop that contained Social Security numbers for victims of the BP oil spill who had been reimbursed by the company. This is an example of the first type of breach I discussed in my previous post. The laptop contained data that had either been downloaded from corporate systems to the laptop or had simply been created on the laptop using desktop software. This was completely avoidable and has cost BP not only financially but also in another hit to its already shaky reputation. Today, files with critical information do not need to be stored on laptops or workstations for employees to have access to them. In a major corporation like BP, these files should have been maintained on a secure corporate server. Another option is to maintain the files on outsourced secure servers.
The second was this past weekend, when the Epsilon data servers were hacked and client information from a host of major corporations was compromised. The good news is that it appears the only information exposed was client names and email addresses. How this was done is not yet known; however, it is one of those situations that may not have been easily prevented. One scenario is that the data files may not have been as secure as they could have been because the data was not considered critical. The Epsilon client corporations that were affected took adequate precautions by providing only customer name and email information to Epsilon. While that information can lead to more details about a customer, it will require additional work to obtain those details. The big risk in this scenario is that the end customers could begin to receive phishing emails in which the perpetrators seek the additional identity information they need directly from the consumer.
Even though limited personal information was obtained, this will still cost numerous corporations significantly. First, Epsilon’s reputation is severely impaired, and the company may lose significant revenue from this incident, not to mention the cost of notification. The victim companies involved, which include Citibank, Capital One, and Walgreens, will probably spend millions on notification and corrective action to protect their customers.
Senior executives and board members, this is a critical issue. Security should be re-evaluated in all companies. If you would like to discuss your security in more detail, please contact me at 818-709-683. Here is the link to my previous post: www.hiddenprofitsblog.com/5-steps-to-protect-your-company-from-cyber-crime