Is your document or mail facility likely to be the next victim of the Target hackers? Probably not.
But that sense of security helping you sleep at night because you think you're a minnow swimming in a pool of whales is likely misplaced. Those sophisticated crooks halfway across the world aren't interested in your company, but there are plenty of less-ambitious criminals that might be tempted. Of course these guys won't use spy-movie viruses that infect computer systems and then evaporate without a trace.
If your data gets stolen the caper will resemble Bonnie and Clyde more than Mission: Impossible. The crooks will rummage through your garbage or smash a window and steal a laptop from an employee's back seat. Not as smooth, but just as damaging to your reputation and your balance sheet.
If nothing else, the publicity surrounding the Target breach has raised awareness about a thriving marketplace for personal information. The apparent success of that high-profile crime may embolden other enterprising hoodlums who are looking for an easier mark. That could be your company.
All Personal Data Has Value
One doesn't have to be processing credit card transactions to have data in their system of value to identity thieves. Some experts predict stolen Target data will be used in phishing scams. Affected individuals will be fooled into volunteering additional bits of information which will be helpful in establishing false personas. Some of the data you store for yourself or your customers could be used for this purpose.
We had a suspicious experience at our house. The phone call was supposedly about new charges that appeared on a long-dormant account. The caller identified themselves as a member of the company's fraud protection staff. They had enough accurate information about the account to sound legitimate. In this case I believe they were. But we are watching the account closely just to make sure.
In retrospect, this call could easily have come from someone who got their hands on a damaged statement salvaged from a dumpster. If they were calling to verify the account information was still valid then they were successful. The value of any additional stolen data they had on us probably increased.
Smaller Firms = Higher Impact
The financial impact in the case of smaller-volume data breaches may not reach the stratospheric levels that Target may endure. But on a per-record basis, smaller breaches can be much worse. Target can spread fixed costs such as legal representation or staffing a call center over 100 million records. For smaller companies those expenses get distributed among perhaps 100,000. The remediation cost of each data record can be ten times greater than the amount the big retailers will absorb.
It is likely that your company lacks the PR muscle and the marketing budget that Target will be utilizing as they work on regaining the trust of their customers. You may not have the personnel to manage image-protection as you're scrambling to notify and apologize to affected parties. If your print or mail facility is responsible for data getting into the wrong hands, word will spread among your market territory. You may have only a few dozen customers who get nervous, but they represent a significant portion of your business. I have worked with several small and medium sized operations that would be hard-pressed to keep the doors open long if they lost one or two of their biggest customers.
Like it or not, protecting data is part of being in the document business today. If you're not sure what to do there are plenty of experts who can help. It will pay to be educated. Attend some webinars or conferences. Read some white papers. Bring in someone to spot your vulnerabilities.
As the major retailers learned, you can never be 100% secure. But ignoring the risk will only make matters worse if your company should be involved in an incident. Start taking preventative action now. Only then will your restful nights be legitimately earned.
Mike Porter is an expert in Print and Mail operations and President of Print/Mail Consultants, an independent consulting firm that helps companies nationwide improve their production workflows and save money. For more tips visit www.printmailconsultants.com and sign up for Practical Stuff - the free newsletter for document operations. Your comments are welcome. Send them to mporter@printmailconsultants.com. Follow Mike on Twitter @PMCmike
But that sense of security helping you sleep at night because you think you're a minnow swimming in a pool of whales is likely misplaced. Those sophisticated crooks halfway across the world aren't interested in your company, but there are plenty of less-ambitious criminals that might be tempted. Of course these guys won't use spy-movie viruses that infect computer systems and then evaporate without a trace.
If your data gets stolen the caper will resemble Bonnie and Clyde more than Mission: Impossible. The crooks will rummage through your garbage or smash a window and steal a laptop from an employee's back seat. Not as smooth, but just as damaging to your reputation and your balance sheet.
If nothing else, the publicity surrounding the Target breach has raised awareness about a thriving marketplace for personal information. The apparent success of that high-profile crime may embolden other enterprising hoodlums who are looking for an easier mark. That could be your company.
All Personal Data Has Value
One doesn't have to be processing credit card transactions to have data in their system of value to identity thieves. Some experts predict stolen Target data will be used in phishing scams. Affected individuals will be fooled into volunteering additional bits of information which will be helpful in establishing false personas. Some of the data you store for yourself or your customers could be used for this purpose.
We had a suspicious experience at our house. The phone call was supposedly about new charges that appeared on a long-dormant account. The caller identified themselves as a member of the company's fraud protection staff. They had enough accurate information about the account to sound legitimate. In this case I believe they were. But we are watching the account closely just to make sure.
In retrospect, this call could easily have come from someone who got their hands on a damaged statement salvaged from a dumpster. If they were calling to verify the account information was still valid then they were successful. The value of any additional stolen data they had on us probably increased.
Smaller Firms = Higher Impact
The financial impact in the case of smaller-volume data breaches may not reach the stratospheric levels that Target may endure. But on a per-record basis, smaller breaches can be much worse. Target can spread fixed costs such as legal representation or staffing a call center over 100 million records. For smaller companies those expenses get distributed among perhaps 100,000. The remediation cost of each data record can be ten times greater than the amount the big retailers will absorb.
It is likely that your company lacks the PR muscle and the marketing budget that Target will be utilizing as they work on regaining the trust of their customers. You may not have the personnel to manage image-protection as you're scrambling to notify and apologize to affected parties. If your print or mail facility is responsible for data getting into the wrong hands, word will spread among your market territory. You may have only a few dozen customers who get nervous, but they represent a significant portion of your business. I have worked with several small and medium sized operations that would be hard-pressed to keep the doors open long if they lost one or two of their biggest customers.
Like it or not, protecting data is part of being in the document business today. If you're not sure what to do there are plenty of experts who can help. It will pay to be educated. Attend some webinars or conferences. Read some white papers. Bring in someone to spot your vulnerabilities.
As the major retailers learned, you can never be 100% secure. But ignoring the risk will only make matters worse if your company should be involved in an incident. Start taking preventative action now. Only then will your restful nights be legitimately earned.
Mike Porter is an expert in Print and Mail operations and President of Print/Mail Consultants, an independent consulting firm that helps companies nationwide improve their production workflows and save money. For more tips visit www.printmailconsultants.com and sign up for Practical Stuff - the free newsletter for document operations. Your comments are welcome. Send them to mporter@printmailconsultants.com. Follow Mike on Twitter @PMCmike