So, you’ve actually started to get outside help on your security. If that’s the case, then you’re definitely in good company. There’s no need to feel embarrassed because you think you should be able to handle everything on your own. The marker of a truly successful organization is one that has learned how to delegate from start to finish. So there’s really no reason to feel that you aren’t moving the company closer to its overall goals just because you’ve gotten outside help.
Part of your outside consulting plan might be a vulnerability assessment, but that doesn’t necessarily mean that you’ll be overjoyed to see the results of the scan. It can be hard to handle the results of a vulnerability assessment without stress, but it can be done.
One of the biggest points of stress within an organization is that the results of a vulnerability assessment can make people feel like they’re in the middle of the “blame game.” There’s no reason to point fingers, as everyone in an organization is responsible for making sure that the network is as secure as possible. If even one person neglects to change their password, then technically they are contributing to the security risk.
If you want to make sure that you can quickly handle the results of a vulnerability assessment without stress, you will need to take the time to ask questions. The more you understand about the vulnerability assessment, the easier time you will have actually solving the problems it highlights. That’s really all there is to it, so why not get started today?
However, ITRC also emphasized that the statistics could be highly flawed due to the lack of transparency around data breaches. The total number of records compromised was collected from only 51% of publicly reported data breaches.
“Other than breaches reported by the media and a few progressive state websites, there is little or no information available on many data breach events,” the ITRC said in a press release. “It is clear that without a mandatory national reporting requirement, many data breaches will continue to be unreported, or under-reported.”
While 46 states have data-breach laws in place, only five states (Maryland, New Hampshire, Vermont, Maine and Wisconsin) make that information “public in a meaningful way,” said ITRC founder Linda Foley. The ITRC predicts that the mandatory reporting will soon be federally enforced through either consumer lobbying or legislation.
With the number of data breaches and compromised records on the rise and the strong movement toward data breach transparency and reporting, merchants cannot risk being vulnerable. Those who do not have proper network security in place should protect themselves from the negative publicity, heavy fines and fees, and lost profits as soon as possible.
PCI compliance and network security have been a hot topic among businesses looking to protect customer data. Several states have even created legislation based on compliance to protect citizens. Nonprofit organizations should be just as concerned about compliance and data security, if not more so, since they face an increased risk of data breaches.
Nonprofit organizations usually have fewer resources and smaller budgets compared to other entities. Plus, nonprofit organizations usually have a smaller staff that may not be well experienced in data security. It is because of these limited resources and personnel that nonprofits are at higher risk of being breached than other businesses.
Also, due to the nature of a nonprofit organization, security breaches could be much more devastating. Nonprofits collect, use and store personal data for their patrons, staff and, most importantly, donors. This personal data includes names, driver’s license numbers, and credit or debit card information. Some nonprofits even collect other sensitive personal data, such as health and financial information. If an organization suffered a data breach, it could lose the financial donations and support it relies on and ultimately have to close its doors.
Last week, Japanese car manufacturer Honda alerted its customers to a data breach involving a compromised list of names, usernames, e-mail addresses and Vehicle Identification Numbers. While no financial information was leaked, Honda warned customers that they may receive fraudulent e-mail messages attempting to trick them into providing personal and financial information.
The list, which was managed by an outside vendor, was used to send a welcome e-mail message to new customers who signed up for an Owner Link account on the official website for Honda owners. The third-party vendor, speculated to be e-mail marketing firm Silverpop Systems, has also been linked to the recent McDonald’s security breach.
Unfortunately, these large-scale companies did not choose a provider that could adequately protect their information with proper security measures. Remember, when selecting an outside vendor to manage networks and/or customer information, make sure the company can provide documentation that its systems are protected and compliant. If you have questions regarding compliance and what you should ask third-party vendors about their security processes, we can help you. As the most comprehensive PCI solution available, we are experts in network security and PCI compliance.
Financial institutions and retailers have long debated who should be responsible for recouping the costs associated with a security breach, but one bank is taking it a step further by urging its customers to lobby for new legislation that would make retailers, instead of banks, responsible for the cost of replacing breached cards.
“Tell them that you believe that the retailer or vendor responsible for the security breach should be held financially accountable for the costs of reparation,” HarborOne wrote. “Urge all of them to sponsor and support legislation resolving the credit and debit card security crisis by having vendors and retailers and other businesses establish sound information security systems.”
However, Jon Hurst, president of the Retailers Association of Massachusetts, disputed HarborOne’s position, claiming that the financial industry created electronic payment and is reaping billions of dollars in profit despite the losses from security breaches.
“They’re making money hand over fist,” he said of banks, card issuers and others. “They’re charging all these hidden fees and (the cost of breaches) are all built into their financial structure.”
As the debate continues and new legislation is created, it is important to remember that someone has to pick up the price tag associated with a security breach. Retailers already face fines, fees and lost profits after a security breach; don’t let one more expense take down your business. Avoid the negative press, hassle and expense and become PCI compliant today!