Right before Christmas, thieves dampened the holiday spirits of millions of consumers when they hacked into Target’s IT systems. The breach exposed the credit and debit card numbers, PINs, email addresses and other data of as many as 70 million Target customers. Target itself could face billions of dollars in fines, not to mention a public relations nightmare and loss of consumer trust.
Of course, Target is a Fortune 50 company, with revenues exceeding $70 billion annually. Many small to midsize businesses (SMBs) believe that a data breach of this magnitude could not happen to them. Nothing could be farther from the truth, however.
The fact is, hackers are becoming more sophisticated and aggressive every day. Every business — no matter how small — needs to be vigilant about IT security. This is particularly true for companies that accept credit card payments or store financial, health or other sensitive personal information.
Technical mechanisms such as firewalls, intrusion protection systems and user authentication can help thwart intruders and protect data as it moves through the network. It’s important to recognize, however, that these tools are only part of the security picture.
Organizations should evaluate their business and IT processes as objectively as possible, with an eye toward potential security weaknesses. It is also important to establish and document policies and procedures that address security risks, and educate employees about the importance of safeguarding sensitive data.
Even simple steps can go a long way toward improving security:
- Use strong passwords and don’t write them down or share them.
- Encrypt sensitive data that is sent via email.
- Keep security patches and antivirus software up-to-date on all systems.
Customers of TAT, Inc. can rest assured that we take security very seriously. Our IT maintenance service includes comprehensive monitoring of our customers’ systems, networks and security and proactive maintenance of all aspects of the IT environment.
We also recognize that IT security is constantly changing. In the wake of the Target data breach, we took a fresh look at our own policies and procedures and have taken additional steps to lock down passwords and limit administrator access to those who really need it. We did this not because we felt our customers were at risk but to add an extra measure of protection.
The Target security breach isn’t just about the failure of a major corporation to protect consumer data. It’s proof positive that any organization, regardless of size, can be hacked. Organizations must develop a sound security strategy and comprehensive data protection plan that incorporates robust security measures and comprehensive monitoring and management of IT systems.