Cyber security is becoming a topic frequently touched upon at corporate board meetings due to pressures by anxious shareholders holding upper-management responsible for data breaches. Most companies still do not take a proactive but rather a reactionary approach to security. Only when it is too late and a breach has occurred, cyber security becomes a reputation issue effecting brand name, shares and customer confidence. As things start to affect bottom lines, we see management start to pay attention.
Business leaders need to change the way they view cyber security, cyber threats and us – the people whose data is compromised as customers or patients of these businesses when a breach occurs. We must demand that corporations do all they can to address the security threats and gaps that exist today.
Personal data gets collected everywhere online and even at places when we’re not on the Internet. We allow our healthcare providers, banks, and insurance companies to collect and store our personal information, like our phone numbers, birth dates, addresses, and even our social security numbers. This is a willing act. What are we thinking? What happens when one of those organizations is the target of a data breach? Time to get your head out of the sand!
Keep in mind that the bad guys can sit on stolen data as long as they want. Financial data becomes of no use the moment someone detects the fraud and subsequently cancels the credit/debit card or account. However, many pieces of personal information are not so easy to kill in an instant. Information contained in health care records for example has a significantly longer shelf life and if this can be paired with other private data, criminals can have access to very rich information to use in a number of ways. Medical and insurance records may contain information about where you live, what medical treatments you had, who your family members are, Social Security number and who you work for – none of which can be easily changed or cancelled. Keep in mind that medical records and prescriptions are permanent!
When a data breach makes the news headlines, the hacked organization provides those affected with credit monitoring and identity theft insurance for a year or two. Remember that this is after the fact and the data is still out there. Who is to say that one will see the consequences of a breach immediately, and not several years from when the breach occurred? Once the free credit monitoring and identity theft services come to an end, the burden is on us to deal with the consequences of permanent private data that is floating out there.
Many experts believe the health care breaches are the work of state-sponsored, well-funded groups. Now imagine if the health care data stolen from several breaches was ever combined, like Tricare Management, Montefiore Medical Center, Anthem or the recent Excellus breach, with the data stolen from the Office of Personnel Management; now there is a truly scary thought!
Let’s admit it. Our personal information lives everywhere, and we’re in deep trouble if we don’t demand that corporations implement solutions to control who has access to sensitive data and what authorized users can do with this information once they are given access. Sensitive files must be protected anywhere, all the time.