How to Protect Your Business From a Data Breach
After the recent spate of high-profile data breaches at retailers such as Target and Neiman Marcus, which compromised credit and debit card data and other personally identifiable information for hundreds of millions of consumers, data security has become priority No. 1 for many retailers in 2014. And for good reason: The consequences of suffering a data breach are numerous, and none of them are positive. They include consumer mistrust, a drop in traffic and a decrease in sales, to name just a few.
In an interview with Retail Online Integration in advance of next week's webinar, How to Prevent a Massive Data Breach Disaster, Chris Strand, PCIP, security compliance practice director for Bit9, a provider of software and network security services, offered his thoughts on the value of data protection in the wake of recent breaches that have left many consumers on edge.
Retail Online Integration: What's the business impact of a massive data breach such as the one at Target?
Chris Strand: It can be disastrous to any organization on a number of different levels. First, there's the immediate brand damage. The loss of critical information that was entrusted to the brand could seriously damage the relationship with the customer, resulting in loss of business as well as damage to a company's industry reputation. On top of that, when a company loses customer information, it not only has to answer to customers, but in many cases it must pay the costs of replacing the lost information. This can seriously affect the bottom line and in some cases lead to the total collapse of the business.
Another major business impact of a massive breach is the resulting fines to the company if it was discovered to be out of compliance with any major regulation it's required to adhere to. In the case of retail breaches, there's almost always a loss of credit card data. The card brands (e.g., Visa, MasterCard) would not only require that the company in question pay for the card replacement cost, but will also fine the company if it's found to be noncompliant with PCI DSS (Payment Card Industry Data Security Standard).