To really understand a person’s problems, you need to walk a mile in his or her shoes – at least, so the saying goes. In the case of the Target breach, your organization can potentially learn a lot from walking a mile in a breached organization’s proverbial shoes. This event is turning out to be a game changer in more ways than one, and all organizations with a vested interest in keeping Personally Identifiable Information (PII) safe really should take note.
The concern about how a data breach may impact you as an individual is a valid one and, in recent days, has caught the attention of consumers everywhere. The massive breach that impacted Target, not to mention the intimation that there are more retailer announcements to come, has activated our collective consciousness concerning the safety of our personal information. The number of people who have been impacted is staggering, but overshadowing that is the concern about the type of personal information that has been exposed. In general, people are unclear on how to react, or what to do next to protect their identities.
The holiday season is in full swing, and by now you’ve likely seen the annual warnings, tips and advice geared toward protecting your personal information. This is certainly the time of year that offers many opportunities to the thief. But much of the advice given can be followed all year long – for that matter, one of the best times to stay vigilant is right after the holidays, as thieves often wait to utilize the information they’ve stolen.
With that in mind, Kroll urges consumers to consider this season the “unofficial” kickoff to securing your personal information, and offers the following tips:
Kroll information security expert Brian Lapidus is among a select group of experts featured in a new report by Longitude Research and SAS on cyber threats in banking. Released on October 23, “Cyberrisk in Banking” examines cyber risk in financial services: the industry’s greatest cyber vulnerabilities and opportunities, with the ultimate goal of elevating what has traditionally been considered an IT issue to a risk management one. The study is based on a survey of 250 respondents in the financial services sector (55 percent in retail banking and 45 percent in commercial banking) who have influence on, or knowledge relating to, their organization’s cyber security risks and responses. In general, the study found that awareness levels and preparedness strategies are not sophisticated enough to keep up with the evolving threats to the industry. When asked what they see as their organization’s primary challenges in dealing with cyber security in the coming two years, respondents cite technology limitations (39 percent) and difficulties in keeping pace with rapidly changing cyberrisks (38 percent). “There is definitely a learning curve in keeping up with the latest threats as they are constantly evolving and changing,” said Brian Lapidus, senior vice president at Kroll. “There is never enough customer awareness and there are lots of evolving methods, particularly social media.”
Earlier this month, CNET ran an article entitled “How to respond to a data-breach notification,” a topic that is obviously near and dear to Kroll, and one that typically does not get its due. We’ve written about the consumer’s reaction to breach notification letters before, and how companies need to take this into consideration when crafting the letter.
Many articles focus on various issues surrounding the act of notification itself – the “quality” of the apology from the company, the fact that many consumers ignore the letters for various reasons, and whether or not credit monitoring is offered. But notification is a lot more complex and confusing from the consumer’s viewpoint than these seemingly disengaged conversations would imply.