I’m sure you are aware that Target’s 2013 data breach is one of the most publicized data breaches in history. The breach exposed the account information of millions of Target customers.
This breach received a lot of press coverage because, at the time, it was considered to be the largest breach of its kind. It was also unique in that the hackers compromised a third-party vendor network to execute the breach. That third party is widely reported to have been an HVAC contractor for Target.
A small business, the HVAC company lacked the sophisticated defenses needed not just to prevent a hack, but even to be aware that a hack was taking place. The hackers gained control of the HVAC company’s computers that connected to the Target network. From there, the hackers were able to infiltrate the Target network and install malware that captured customer credit card account information, names, addresses and more.
As a result of this hack, Target has been the subject of investigations by 47 states and the District of Columbia. In settling these investigations, Target has agreed to pay the states $18.5 million in fines, implement more layers of data security, and implement an information security plan under the guidance of a new executive to be hired to oversee it.
Part of this new information security plan involves implementing encryption for sensitive data, ensuring that credit card and other sensitive customer account information is housed on a separate network dedicated to this purpose, and keeping its software up to date to protect against known vulnerabilities.
Some of these steps seem very basic, yet one of the nation’s largest retailers, with ample resources to protect itself, was compromised. It’s a reminder, if not a wake-up call, to businesses of all sizes that they need an information security plan. Does your business have one? If not, you should take steps to formulate and implement one as soon as possible.
Costs associated with data breaches continue to rise, and this settlement is just the latest example. Most businesses do not have the financial resources to survive a damaging data breach. Take the steps to protect your business by creating an information security plan and reviewing it no less than annually. Be sure that you are carrying an appropriate cyber insurance policy to protect your business, and invest in educating your employees on keeping your business safe.