Will You or your company survive a data breach?
Identity theft is one of the most prevalent consumer crimes in the United States.
According to the Federal Trade Commission, over nine million individuals, over the age of 16, have their identities stolen every year. Companies are being sued for millions of dollars as a result of a data breach. As if this is not devastating enough, the loss of customers / clients will take a further toll on the chance to survival.
It’s not just a big business problem. Small and mid-sized businesses with fewer data security resources are particularly vulnerable.
US Securities and Exchange Commission says that 60% of companies are likely to shut down within six months after a data breach. Will your company’s or your personal finances be strong enough to deal with it?
The Scale of some of the Reported data breaches during 2018 is staggering.
According to Gamalto, the reality is that 4,5 billion data records were compromised during the first half of 2018.
Here is just some of the companies who have been in the news lately:
Quora discovered the breach on November 30, 2018 and made the announcement on December 13, 2018.
Approximately 100 million of its 300 million users’s names, email addresses, encrypted passwords and public content (questions, answers and comments). No sensitive data (credit card, SSN) is collected on the site. and
Quora is working rapidly to investigate the situation and taking appropriate steps to prevent future incidents.
Marriott’s Starwood Guest Reservation Database
Announcement was made on November 30, 2018.
As many as 500 million guests from Marriott International hotel properties (Sheraton, Westin, W Hotels, St. Regis, Four Points, Aloft, Meridien, Tribute, Design Hotels, Elements and the Luxury Collection). Breached data may go back to 2014.
Marriott has a dedicated website and call center to deal with questions and has notified legal and regulatory authorities. The company is also attempting to reach out to affected customers and offer them one year of free web watcher service that monitors sites where hackers swap and sell stolen personal information.
Data Breach happened between October 4-14, 2018.
HSBC sent notifications to those who were compromised and offered them one year of free credit monitoring and identity theft protection.
Announced by Facebook on September 28, 2018,
Nearly 50 million of its users has been effected when hackers took over users accounts.
Facebook fixed the vulnerability and notified law enforcement officials. They also logged 90 million users out of their accounts, forcing them to log back in, a solid safety measure for compromised accounts.
We also recommend that you are proactive and change your passwords (make sure they are secure!) for Facebook, Instagram and WhatsApp (all owned by Facebook).
In the Summer of 2018, Macy’s informed customers of a two-month data breach that happened between April 26th and June 12th, 2018
Online customers of Macys.com and Bloomingdales.com (they didn’t specify how many but said it was a “small number of customers.” that was affected.
Macy’s has contacted and is providing consumer protection services for customers who were potentially impacted.
On June 28, 2018, Adidas says it became aware of a potential security breach that happened on June 26th.
A few million consumers is affected
Adidas Began taking steps to alert relevant consumers and is working with data firms and law enforcement to investigate the issue.
On May 11, 2018, Chili’s parent company Brinker learned about a data breach which happened between March and April 2018.
Customers who dined in certain restaurants (as of May they haven’t identified which of their 1,600 locations or how many people it affected).
They are working with law enforcement officials to investigate the issue. The company also said they are working to provide credit monitoring services for customers who may have had their data stolen.
On April 3, 2018, it was reported that customer information may have been compromised on Panera Bread’s website for eight months.
Customers who signed up to order food via PaneraBread.com are affected
Names, email addresses, physical addresses, birthdays, ordering habits, food preferences, last four digits of payment card numbers of customers who signed up to order food via PaneraBread.com are at stake.
The data has been removed from Panera’s website. The investigation is still ongoing and Panera has yet to release a formal statement on the matter.
Saks And Lord & Taylor
Saks Fifth Avenue became aware of a security issue on April 1, 2018
More than 5 million Saks Fifth Avenue and Lord & Taylor customers in North America are affected.
The company has looked into and taken steps to contain the issue and believes there is no risk to shoppers.
MyFitnessPal App By Under Armour
Under Armor was notified on March 25, 2018, that the breach took place during February of 2018
It affected Approximately 150 million user accounts
Under Armour is requiring all My Fitness Pal users to change their password and update any accounts which use similar passwords to the app. They are also encouraging users to monitor suspicious activity and are working with law enforcement officials and a data security firm to investigate the breach.
What can you do to prevent a data breach?
Herewith copy of Central Insurance Companies‘ advice to small and big companies:
- Keep Only What You Need. Inventory the type and quantity of information in your files and on your computers. Reduce the volume of information you collect and retain only what is necessary. Don’t collect or keep information you don’t absolutely need. Minimize the number of places you store personal private data. Know what you keep and where you keep it.
- Safeguard Data. Lock physical records containing private information in a secure location. Restrict access to that information to only those employees who must have access. Conduct employee background checks. Never give temporary workers or vendors access to personal information on employees or customers.
- Destroy Before Disposal. Cross-cut shred paper files before disposing of private information. Also destroy CDs, DVDs and other portable media. Deleting files or reformatting hard drives does not erase data. Instead, use software designed to permanently wipe the hard drive, or physically destroy the drive itself. Also, be mindful of photocopy machines, as many of these scan a document before copying. Change the settings to clear data after each use.
- Update Procedures. Do not use Social Security numbers as employee ID or client account numbers. If you do so, develop another ID system immediately.
- Educate/Train Employees. Establish a written policy about privacy and data security and communicate it to all employees. Require employees to put away files, log off their computers and lock their offices/filing cabinets at the end of the day. Educate employees about what types of information are sensitive or confidential and what their responsibilities are to protect that data.
- Control Computer Usage. Restrict employee usage of computers to business use. Don’t permit employees to use file sharing peer-to-peer websites or software applications, block access to inappropriate websites and prohibit use of unapproved software on company computers.
- Secure All Computers. Implement password protection and ‘time-out’ functions (requires re-login after periods of inactivity) for all computers. Train employees to never leave laptops or PDAs unattended. Restrict telecommuting to company owned computers. Require the use of strong passwords that must be changed on a regular basis. Don’t store personal information on a computer connected to the Internet unless it is essential for conducting business.
- Keep Security Software Up-To-Date. Keep security patches for your computers up-to-date. Use firewalls, anti-virus and anti-spyware software; update virus/spyware definitions daily. Check your software vendors’ websites for any updates concerning vulnerabilities and associated patches.
- Stop Unencrypted Data Transmission. Mandate encryption of all data transmissions. This includes data ‘at rest’ and ‘in motion’. Also consider encrypting email within your company if personal information is transmitted. Avoid using Wi-Fi networks; they may permit interception of data.
- Manage Use of Portable Media. Portable media, such as DVDs, CDs and USB “flash drives,” are more susceptible to loss or theft. This can also include smartphones, MP3 players and other personal electronic devices with a hard drive that ‘syncs’ with a computer. Allow only encrypted data to be downloaded to portable storage devices.
|(Tips courtesy of The Hartford Steam Boiler Inspection and Insurance Company (©1996-2009)|
How do you "destroy before disposal"? (Data Destruction)
Electronic waste should be recycled in the most responsible way. Make sure you have a recycle company who is a hundred percent reliable. Remember your company is too valuable to take any risks.
SBC Recycle in Beaverton, Oregon provides a Certificate of Recycling and Destruction as well as Itemized Asset Reporting
Certificate of Data Destruction is provided as a standard part of each service we offer.
This certificate contains detailed information regarding transactional and asset-based data, giving customers the proof they need to
- Comply with industry regulations.
- Comply with corporate data security or environmental policies.
- Communicate their sustainability initiatives as part of their Corporate Social Responsibility and Sustainability Reporting (CSR).
- Reconcile serial numbers upon transfer of ownership
Data Destruction Tracking System
- Customers will have access to a secure portal where they can track their e-waste throughout the recycling process from pickup to final demanufacturing via our intelligent TrackEwasteTM system
- Clients will receive notifications each step of the way
- Clients can schedule pick-ups online
- Clients can track recycling history for up to ten years
- Clients can view detailed hard drive audit reports
- Clients can view detailed reports of serialized items such as laptops, desktops
- Clients can print recycling and destruction certificates
- Clients can view real time video surveillance of our data destruction Bench
Why choose SBC Recycle for all your recycling and data destruction needs?
SBC Recycle has a dedicated team with experience and processes in place to handle any situation when it comes to recycling. Our team can also custom design an ongoing or one time project to suite your recycling needs.