There is an ever-increasing need for tighter security measures in view of the growing sophistication of cyber criminal networks. But businesses have not responded well to the call for security upgrades. This poses grave danger to systems from consumer data to the nation’s infrastructure. In response, businesses may face penalties for disregarding needed security enhancements.
Exponential Increases in Security Breaches
Businesses are the prime targets of organized cyber crime. This is because of the wealth of data they hold, from consumer and investor financial information to sensitive research data. Hacking activities to access such data have increased by 100% year to year. Millions of records are broken into each year, over 60% of them belonging to smaller businesses. These smaller businesses are easier targets because of the lack of attention normally paid to data security.
About 30% of known security breaches in small to medium-sized businesses are due to employee oversight and negligence. As businesses are responsible for those in their employ, they are also responsible for actions that pose risks to others outside the business. As a result of the increasing threat to consumer data, penalties imposed on these businesses for the failure to secure consumer data are getting steeper. If it is proven that an organization has not taken proper steps to shore up security, the penalties can be very heavy indeed.
Strict Penalties for Non-Compliance
In the state of Virginia, a fine of up to $150,000 can be levied for a breached system. Individual victims can now also file for the recovery of resulting financial damages. Class action lawsuits are not new in the area of information security breaches. Individuals have been known to be awarded as much as $2500 in such suits against companies whose databases have been hacked. But this is a small sum paid back compared to the $20 billion total taken from individuals due to hacks in 2012.
Other states and the federal government have begun to strengthen their hold on businesses with regard to security practices. Many are legally requiring businesses to inform their consumers of security breaches involving their personal data. This would give consumers the head start they need to take the individual action necessary to secure their finances. For instance, credit card numbers and password-protected account information can be changed to ensure access is restricted.
Lawmakers face one hurdle, however. Data which is encrypted for security reasons can provide a loophole. Encrypted data cannot be accessed without proper authorization, and this can be an excuse for the inability to discover and disclose what information has been stolen.
Stricter legislation is aimed at encouraging businesses to pay closer attention to government requirements and the suggestions of security experts. The end goal is to protect consumer and investor data and in so doing protect the country’s financial infrastructure. Most businesses fail to recognize the role their negligence plays in the destabilization of the entire system.
Suggestions from a Security and Legal Standpoint
Security and legal experts have been working together for some years to provide systems that work against organized cyber crime. They stress now more than ever that companies need to make IT system weakness detection and elimination a priority. They need to monitor their systems to pinpoint what attacks they have been vulnerable to and determine what needs to change to prevent future attacks. Regulatory requirements are in place, but companies need to readily comply with the latest standards to ensure maximum security. This will minimize risks that cause damage in areas such as credit card processing, insurance fraud, and investor accounts. Most businesses do not even know what the standards for payment cards are, and they suffer the most security breaches. These lead to much greater costs like fraud, theft, replacement of stolen data or intellectual property, loss of income, extortion, and legal fees.
To deal with employee negligence, stricter procedural policies must be established by all businesses. This includes firm guidelines on the processing of information, restricting access to only necessary personnel, and regular checks for physical data leaks. All personal devices allowed to access the company network must be properly secured with encryption tools such as VPNs. Any suspected breaches must be investigated immediately. The experts also advise consumers to take the extra security offered by VPN services to protect their online transactions with any businesses.
With proper precautions in place and the law to encourage a robust response to suspected threats, security and legal experts feel we should experience a significant reduction in financial losses and threats to infrastructure.