On the Hook for Hackers?
Once you are hacked, you have to worry about what data was lost, where it went to, and whether it’s being used maliciously. That, along with towering legal fees, the embarrassment of having to inform all your clients and vendors about the hack, not to mention your damaged reputation, is enough to make your head spin.
Now an U.S. appeals court has confirmed that the U.S. Federal Trades Commission (FTC) can fine organizations that employ poor I.T. security practices.
You can bet that other countries will follow suit and make organizations libel for their poor I.T. security.
The ruling was part of a lawsuit between the FTC and hotel chain Wyndham, who was hacked 3 times in 2008 & 2009. Wyndham lost credit card data for more than 620,000 customers, not to mention the $10.6 million they lost due to the fraud.
FTC outlined specifics of Wyndham’s “poor I.T. security” including:
- Wyndham allowed its partner hotels to store credit card information in plain text.
- Allowed easily guessable passwords in property management software
- Failed to use firewalls to limit access to the corporate network
- Failed to restrict third-party vendors from access to its network.
You’re probably shaking your head right now, wondering how a big organization like that could make such huge mistakes…
Unfortunately, these are very common I.T. security steps for organizations to skip unknowingly.
63% of credit card breaches involve the compromise of data that was not known to be stored.
This means that despite your policies about the handling of credit card data, there is the very real possibility that you have unsecured cardholder information on your servers or desktops. Odds are your staff put it there for what they perceive as valid business reasons. Eg. A department may keep a list of credit card numbers that are billed monthly in an excel spreadsheet instead of figuring out how to use the secure system that’s been installed to manage this.
The top 25 worst passwords represent almost 3% of all passwords in the world.
This isn’t surprising when you consider that roughly 75% of surveyed people fail to follow best practice guidelines when creating complex passwords for new and existing accounts. It is estimated that every person has approximately 19 passwords. That’s a lot of easy passwords to hack…
A firewall is a business’s 1st line of defense.
While many internet services already provide firewall protection, most small business owners are unaware that the vast majority of standard firewalls only monitor incoming traffic by default, giving them a false sense of security and enabling CyberCriminals to view outgoing traffic that may contain credit card information, customer transactions, and other financial communications.
63% of the 2013 Trustwave Global Security Report were linked to a third-party component of I.T. system administration.
Granting access to an outsider lowers your security level. If they have feeble controls, they become the weakest link in your security chain. If a hacker compromises their system, he or she can use that as a backdoor into your network.
With so many businesses being hacked, and with CyberSecurity being more important than ever, now is not the time to skimp on your I.T. security budget.
The costs are simply too great.
But you can see how easy it is to miss important I.T. security steps.
We understand that I.T. is not your forte, and you’re just too busy doing your own job to keep up with all the I.T. ‘stuff’. That’s where we step in.
We handle everything I.T., so you don’t have to.
With any of our Monthly Service Plans, you can be sure your I.T. is handled.
We Make I.T. Work!
Ask About Our “Core Security Solution” Package!