So just how easy is it to get your social security number, your credit card numbers or other sensitive information?  Too easy,  just ask Brian Krebs. The data security researcher that has recently exposed a HUGE identity theft ring where a botnet was used to tap into “some of America’s largest consumer and business data aggregators.”  The botnet allowed the ring to resell the data through a website “marketed on an underground crime forum.”  This website allowed users to search for SSN’s and other sensitive information for $0.50 per record and up.  (To read the full report click here)

So why is this so important, besides proving the point that identity theft cannot be prevented?  Because it shows you that if these large corporations are unable to protect sensitive data, your small business does not stand a chance.  Right now, small businesses are the number one target for data thieves.  So what can you do?  There are two crucial services that will help your organization greatly reduce the risk of a data breach.

First is a privacy consultant.  Right now you are probably saying “I have a computer guy,” or “I have an attorney.”  Great, but that just isn’t enough.  Data security goes beyond computers and compliance.  You need to hire a privacy consultant that can assess your organization’s risk as a whole, including technical, non-technical and compliance by working with your attorney and computer guy.  The privacy consultant can create or improve your privacy policy and procedures, conduct employee training, monitor for new privacy risks and swiftly make adjustments as needed.  Privacy consultants work by the hour or under contract as an outsourced privacy officer depending on the type of data your organization maintains (and not just credit card numbers), the number of employees, your industry and of course your budget.

Speaking of budget, the next thing you need to do is obtain cyber liability insurance.  What is cyber liability insurance?  It helps to offset the expense of mitigating a data security breach.  “But I have general liability insurance.”  Good for you but did you know that data breaches are not covered by general liability insurance?  That’s right.  If you suffer a data breach you will be forced to pay for the entire mitigation, including investigation, written notification, and fines and penalties, out of pocket.  So just how much does a data breach cost?  The average cost is $200 per compromised record.  Also, did you know that a data breach can occur simply by losing your cell phone?  If your or your employee’s cell phone contained sensitive customer information and it was not encrypted you have been breached.  By law (federal, state and industry wide) you are required to mitigate the breach.  The fines alone can reach up to the millions depending on your industry.  Note: A privacy consultant can help your organization become eligible for cyber liability insurance and possiblly a lower premium.

By utilizing both a privacy consultant and cyber liability insurance your organization will be better prepared to defend against a data breach.  If your organization would like to learn more about privacy consulting services contact the Kerskie Group, Inc. at 239-435-9111.

KERSKIE GROUP, INC.

Every organization maintains personal information such as credit cards, medical or financial information.  You are required by law to protect it.  Kerskie Group’s expert privacy officers help you manage the risks and business impacts of privacy laws and policies through cost effective solutions. Call today 239-435-9111