Target Data Breach Highlights Importance of Cyber Security

Target Data Breach Highlights Importance of Cyber Security and a Data Breach Plan

Target’s data breach of over 70 million customer records highlights the danger that data breaches pose to businesses, especially small businesses, since a large percentage of small businesses close within six months of an announced data breach. If you have not done a recent security review or do not have a data breach plan, you should contact your lawyer and security consultant. In addition, since Bring Your Own Device (BYOD) offices are listed as one of the major vulnerabilities of 2014, you may want to ensure you have a policy that addresses BYOD. Of course, if you prefer taking your chances, you may want to try this handy fashion accessory.

California Updates Data Breach Notification Requirements

Forty-six states have data breach laws. In fact, California just updated its law, effective January 1, to expand the class of information covered, which now includes:

An individual’s first name or first initial and last name in combination with any one or more of the following data elements, when either the name or the data elements are not encrypted:

  • Social security number;
  • Driver’s license number or California identification card number;
  • Account number, credit or debit card number, in combination with any required security code, access code, or password that would permit access to an individual’s financial account;
  • Any information regarding an individual’s medical history, mental or physical condition, or medical treatment or diagnosis by a health care professional;
  • An individual’s health insurance policy number or subscriber identification number, any unique identifier used by a health insurer to identify the individual, or any information in an individual’s application and claims history, including any appeals records;
  • A user name or email address, in combination with a password or security question and answer that would permit access to an online account.

2014 Cyber Threats

In terms of what to expect for 2014, ZDNet’s Charles McLellan does a great job summarizing what the major security firms are predicting for 2014 here. Some of the scariest predictions are below.
  • An increase in ransomware infections (i.e., infections designed to render a computer or its files unusable until the computer user pays the demanded amount of money to the attacker)
  • More crimeware will destroy the operating systems (OSs) of targeted systems as a last step of an attack
  • A foreign power or organized cybercrime group will have breached a mid-sized or municipal utility for a long period
  • The ‘Internet of Things’ becomes the ‘Internet of Vulnerabilities’
  • A major data-destruction attack will happen
  • Attackers will increasingly lure executives and compromise organizations via professional social networks
  • BYOD represents the weakest link