Data privacy breaches are becoming more and more common in the United States today. Did you know that, on average, as many as 72,000 documented breaches of personally identifiable information (i.e., a consumer record with details like name, address, and Social Security number) occur every day?
Concerns about identity theft have consumers living under constant fear of exposing their credit card or personal information — especially online.
What’s so unsettling is that many of these data privacy breaches occur due to negligence or failure to stem procedural errors in the workplace. Beyond bad practices and security lapses, many companies simply do not believe they could be affected by data privacy breaches through hacking, theft, or simple data loss.
Many data privacy breaches of consumer and patient records occur in companies known as “third-party processors”. In the financial services industry, these entities work between merchants and banks to handle and/or analyze credit card transactions. Companies with such access to information are a hacker’s dream, since hackers will try to get access to the thousands of personal account records online. Until the data loss is detected, identity and/or credit card theft can occur unchecked.
Data privacy breaches and hacking affect as many as 8 million Americans each year, costing billions of dollars and countless hours to correct the problems they create. Global Payments Inc., for example, recently reported that as many as 1.5 million card numbers were compromised in a data privacy breach. Besides processing cards in the U.S., this firm serves government agencies and businesses in Canada, Europe and the Asia-Pacific region.
Given the need to prevent data loss of this kind, what are companies with personally identifiable information (PII) doing to protect it? The first step is corporate-wide awareness of the problem; employees must not be allowed to think it “could not happen here.” Even though incidents of identity theft have been on the rise for years, people are still surprised when it happens, and companies have not taken enough data loss prevention steps.
Having strict policies and practices in place doesn’t seem to be enough, given the growing number of identity thefts in the United States. Hackers and others with malicious intent are finding more creative ways to purloin personal information.
Here are some tips for safeguarding against hacker attacks and data privacy breaches:
1. Assume they will happen to you!
2. Make sure passwords that control access to databases and file systems containing sensitive data sets are routinely changed and encrypted.
3. Deploy software that will detect and block attacks from infiltrating your databases.
4. Prevent hacking by an “insider” by implementing and enforcing strict procedures and policies across all your networks.
5. Apply data masking functions to PII in databases and files with a tool like IRI FieldShield so that if the network is breached, or media is no longer in the company’s possession, the risk is mitigated or nullified because the data is still protected.
6. Do not share production information with external entities for any activity you cannot monitor, including testing and application development.
7. Eschew the use of production data for testing; leverage technology like IRI RowGen to create safe test data that’s generated and/or selected randomly so there is no possibility of real data being used.
8. Conduct regular audits of systems, and training for employees in the importance of, and procedures for, data loss prevention. DLP should be part of an overall data governance initiative overseen by CISOs or compliance officers.
If you feel you are the victim of a data privacy breach, you can visit the Federal Trade Commission (FTC) website for more details.