More and more businesses are falling victim to data breaches but failing to report them to the people whose identity and financial security are at stake – their consumers.
According to an article on Inc.com, small businesses are reluctant to inform data breach victims of their information loss – even though laws in 46 states require them to do so.
“While more than half of American small businesses have experienced data breaches, only 33 percent of them notified victims of their personal information loss, according to a report released yesterday by Ponemon Institute, a Michigan-based security research firm.”
What are you really reading? That 67% of companies that fall victim to data breaches have leadership in place that doesn’t care about securing consumer data AND doesn’t have the integrity to tell customers so, even though bank accounts, credit cards and Social Security numbers are now at stake. But if it’s not the business’s mortgage payment on the line, most don’t own up to it.
But I guess it’s human nature to deny, deny, deny. Remember the last time a spouse asked you where the dry cleaning was? Or when you forgot that birthday, anniversary or meeting? I’m willing to bet most responses out there were along the lines of “it wasn’t ready yet,” “I can’t believe the post office hasn’t delivered it yet,” “I made surprise dinner reservations,” or “my secretary forgot.” Some call them excuses, others – cover-ups.
Realistically, no one likes admitting when they mess up, but hopefully, when it’s a serious incident that affects the security and stability of other people, they have the integrity to fess up and make it right. And if you don’t want to have to admit to exposing all of your consumers’ data, you had better make sure it can’t be breached, because denying that a breach happened is illegal.
Denying a data breach can irreparably hurt a business’s image, cost it current and future customers, and open it up to lawsuits and legislative fines. But the technology exists today to audit your systems for sensitive client records so you can secure them – and it’s a lot more cost-effective than what it will take to restore consumer confidence in your brand post-breach.
With a simple data profile, you can audit for unencrypted personally identifiable information (PII). Data profiling is a process in which all forms of storage and document types are analyzed and the user is given a searchable ‘map’ of the type of information that exists, where it is located, who owns it, when it was last accessed and what key terms are in it. This can be done on legacy backup tapes, servers and unmanaged user data. How much easier would it be to prevent a data breach if you could find and remove the data that a hacker would be looking for?
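A minimal sketch of the data-profiling pass described above, added here as an illustration and not taken from the article or from any profiling product: it walks a directory tree, flags files holding plaintext US Social Security or payment card numbers, and records where each file is, who owns it and when it was last accessed. The two patterns, the record fields and the sample files are assumptions constructed for the example.

```python
import re
import tempfile
import time
from pathlib import Path

# Assumed patterns: US SSN in ddd-dd-dddd form, and 13-19 digit card numbers.
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")

def luhn_ok(digits):
    """Checksum used by payment cards; filters out random digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * 2 if i % 2 else int(ch)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def profile(root):
    """Return one 'map' record per file under root that holds plaintext PII."""
    root, records = Path(root), []
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        st = path.stat()  # read metadata before opening the file
        text = path.read_text(errors="ignore")
        cards = [m for m in CARD_RE.findall(text)
                 if luhn_ok(re.sub(r"\D", "", m))]
        types = {"ssn": len(SSN_RE.findall(text)), "card": len(cards)}
        types = {k: n for k, n in types.items() if n}
        if types:
            records.append({
                "path": path.relative_to(root).as_posix(),
                "types": types,
                "owner_uid": st.st_uid,
                "last_accessed": time.strftime("%Y-%m-%d", time.gmtime(st.st_atime)),
            })
    return records

def demo():
    """Profile a constructed directory; every value below is sample data."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "hr").mkdir()
        (root / "hr" / "payroll.csv").write_text("name,ssn\nA. Sample,078-05-1120\n")
        (root / "orders.txt").write_text("card 4111 1111 1111 1111\nref 1234567890123456\n")
        (root / "readme.txt").write_text("no sensitive data here\n")
        return profile(root)

if __name__ == "__main__":
    for rec in demo():
        print(rec)
```

The Luhn check is what keeps the 16-digit order reference in the sample from being reported as a card number; encrypted or binary formats would need their own readers before the same patterns apply.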
It’s really that simple – would you rather have your company work to prevent a breach or have someone on the inside decide what to do after it’s too late?