USPS Data Breach: What SMBs Can Learn
As a small or mid-size business, you probably do not worry about hackers and data breaches. Your information is safely stored in-house or in a secure cloud service. You do not have trade secrets or intellectual property coveted by foreign governments or industry. You accept credit cards, but those transactions are processed, saved, and secured by the credit card processor … you do not even have credit card numbers in your files or systems. It is not unreasonable for you to think that you are not a data breach target.
You are wrong.
The recent data breach at the US Postal Service should, however, serve as a wake up call. Hackers breached USPS systems not for customer data or credit card information; the hackers stole HR records for hundreds of thousands of postal employees and retirees (customer data was just a bonus). And, while the hackers were not able to go on an immediate debit-card spending spree, they captured all of the data necessary to steal identities — names, addresses, social security numbers, and more.
Regardless of your size, any personally identifiable information in your possession is an incentive for criminals. And you don’t need to be big to be caught. A stolen laptop, compromised account, or lost USB stick can enable data breaches in systems you think are secure.
Malware is the inbound marketing tool for hackers and identity thieves.
When malware spreads, it makes its way onto business computers that the hackers may never have known existed. Malware often sits in wait, capturing passwords or other information and communicating the information to servers half way around the world. Hackers can then use this information to assess the value of the target and to gain more access to even more data. Hackers may also sell this information to other criminals.
Your business needs protection in place, and awareness of the scope of the problem is the first step. Permissions monitoring and management, web filtering, device protection, endpoint protection, mobile device management, and user data protection may all be components of your solution.
Please contact us for a complimentary review of your current data protection coverage.