Held for Ransom
In late 2013, Target was the victim of a massive data breach that affected as many as 110 million customers. Cyber attackers installed malicious software on point-of-sale devices at Target stores and stole the financial information of 40 million customers and the personal information of 70 million. From lawsuits and fines to the costs of offering free credit monitoring and hiring a computer forensics investigator, this breach was massive.
No business is immune to a data breach—not even a nationwide retailer like Target. Over 30 percent of cyber-attacks occur at companies with fewer than 250 employees. Cyber-attacks are scary, but your business can survive if prepared. Below are some lessons learned from the Target breach:
1. Be Prepared with a Cyber Response Plan
Target experienced a decrease in sales immediately following customer notification of the breach and tried offering a discount and free credit monitoring, but it may have been too late.
A data breach can directly affect your relationship with your customers or clients. They may not feel safe doing business with you anymore, and you must be prepared to prevent that. One way to proactively protect your business is to create a cyber response plan—it will serve as your roadmap during a data breach.
2. Know Your First Move After a Breach Happens
Target waited four days to inform customers, and the company was most likely using that time to assess the damage and prepare its response. If you experience a data breach, the first thing to do is learn as many facts as you can about the breach.
Determine when and how the breach occurred, what information was obtained and how many individuals were affected. By fully analyzing the data breach, the information you give to your customers or clients is as accurate as possible and will hopefully ease their worries.
3. Improve Your Cyber Security Protocols
Soon after the breach, Target announced to customers it had invested in internal processes and systems to reduce the chances of a data breach happening again..
Every company has data to protect, whether it’s client or customer data, employee data or other company information. Encrypting your sensitive data, using role-based monitoring to detect suspicious insider activity and adopting the cyber security standard by the National Institute of Standards and Technology are actions you can take to strengthen your protection. Regularly review your security protocols to ensure your data is adequately protected because as technology evolves, cyber criminals evolve, too.
4. Know the Impact on the Company’s Leadership
Five months after disclosing its data breach, Target CEO Gregg Steinhafel left the company after 35 years.
Target’s story shows that the after effects of a data breach impact more than just your cyber security measures. Your company’s leadership may change, either voluntarily or out of necessity, so you must be ready to react.
5. Protect Your Business with Cyber Liability Coverage
Notifying customers, setting up a call center dedicated to breach-related calls, and providing free credit monitoring are a few ways Target responded to the data breach. These actions are costly, but fortunately for business owners, cyber liability coverage can help defray that.
Every company is a potential target for cyber criminals. Don’t think of a data breach as a possibility but as an expectation, and always be prepared to respond.
For the complete e-book and more detailed information about assessing your risk, creating a response plan and purchasing the proper insurance coverage, click the button above.