Sunday, March 27, 2011

How much is your data safety worth?

A few months ago, LinkedIn users were slammed with “update your account” messages. If they responded, their computers were infected with data-swiping malware that stole credit card information from their hard drives.

That is not so bad if only your personal data is stolen. But what if you have stored client data and it is breached?

Unfortunately, credit card fraud protection applies only to individuals who are victims of fraud. As a business owner, however, you are responsible for all losses your customers suffer if you are held to have breached reasonable standards of protection. And most small businesses fail to meet the standards that courts hold them responsible for.

With the proliferation of computer malware, small businesses have much to worry about.

If you are playing the “odds” game, there is room for much concern. Gone are the days when fraudsters invested much time and brain power to create specialized software to commit their deeds. Nowadays, a burgeoning market for malware allows fraudsters to buy turn-and-click software that is operational within minutes, allowing them to steal credit card information, keylog sensitive passwords and spoof wire transfers. And all this for an investment of only a few thousand dollars!

Bugat, the malware behind the LinkedIn attack, costs only $500. SpyEye and Zeus Builder are a few other examples that cost only a few thousand and provide the fraudster with a huge upside.

As malware is constantly updated, even the most sophisticated security software may not safeguard you against novel malware. Therefore, the best protection is to have a dedicated computer for financial transactions with limited internet and no email access.

However, in the unfortunate event that a breach occurs, detailed documentation of your safety processes is your only savior from liability in the courtroom. Invest the time to ensure your safety procedures will meet the “reasonableness” standard set by the law. This investment will save your business from coughing up millions of dollars to make your victims whole.

For additional information-safety tips, you can consult the Federal Trade Commission website.
