A Tale of Two Retailers: Ignoring a potential risk can be a bigger problem than the risk itself

12/09/2011

The holiday shopping season is in full swing, and this time of year always fuels interest in the latest cyber security threats that are affecting retail and associated industries. With that in mind, Kroll’s upcoming newsletter will feature tips and threat information that’s essential this holiday season. Of course, sometimes it’s not the latest and greatest risk or new technologies that companies have to worry about – and as the following case studies illustrate, retailers would do well to brush up on history.

Data Breach Response Investigations – The Process That Works

10/19/2011

In my experience as a forensic and cyber-security practitioner, I am often engaged to advise clients on a wide range of issues when they are faced with a possible data breach: validation of breach occurrence, confirmation of the breach population, whether records were accessed or acquired, and assistance with remediating the vulnerability that may have led to the breach in the first place.

Retailers: Tips to Keep Your Organization’s (and Your Customer’s) Sensitive Information Safe – Tip #4

12/03/2010

Tip #4: Provide adequate privacy considerations for your customer incentive and online marketing programs

During this season, half the battle for retailers is simply gaining the customer’s attention. The most recent trend is the use of social networking and mobile phone apps to offer incentives, coupons, and general information to consumers – and, of course, to collect data. This is a wonderful opportunity, but it also leaves you with a lot of data to protect, and protect it you should. One of the driving costs of data breaches is the loss of business that comes as a result. According to Ponemon Institute reports, the abnormal customer churn (or turnover) rate resulting directly from a data breach is slightly higher than last year — up from 3.6 to 3.7 percent in 2010.

Blumenthal delivers a wake-up call this month – HITECH enforcement shaping up to be quite demanding

7/22/2010

This month, Connecticut Attorney General Richard Blumenthal announced that his office reached a settlement with health insurance company Health Net over their breach of sensitive patient data. The agreement resolves allegations that Health Net violated the Health Insurance Portability and Accountability Act of 1996 (HIPAA), as well as state privacy protections. The Health Net breach dates back to May 2009, when the company lost a disk drive with PII and PHI for some 2 million patients. The company took more than what Blumenthal considered a reasonable amount of time to report the missing disk and notify affected individuals. Blumenthal alleged that the company delayed and otherwise failed to properly inform the state governing authorities.

The Enemy in the Office: Part 2

5/06/2010

Faxes and copiers hang on to your sensitive documents a lot longer than you think

As if worrying about causing a data breach through simple fax error weren’t enough, there’s another menace lurking in your office equipment that can sabotage your security. Most copiers and fax machines less than seven years old contain hard drives or memory chips that can record and store any data sent through the machine; that is, any document you copy or fax.