How Companies Can Protect Themselves from Big Data Security Breaches

4012 words (16 pages) Essay in Information Technology

18/05/20 Information Technology

Disclaimer: This work has been submitted by a student.

ABSTRACT

In our omnichannel society, there are multiple avenues that thieves may exploit to retrieve consumer data. This makes it difficult to prescribe a one-size-fits-all data security protocol across all industries. While people often think of these security breaches as being caused by hackers, they can also happen because of lapses in security steps at very human levels. For example, in 2014, Home Depot experienced a leak of the personal information of employees across the country when its own payroll employees exploited the unencrypted display of social security numbers in its human resources management software (Jac Brittain, 2015). Simply encrypting this information could have protected Home Depot from a second headline-making scandal and helped it maintain its employees’ trust.
On the other hand, hackers may be the culprits, taking advantage of well-known weaknesses in application infrastructure. This was the case for the (very recent) Equifax data breach. According to experts, the breach was caused by a bug in an open-source software package, Apache Struts, that Equifax uses in its dispute portal (Sweet, 2017). Unfortunately, this flaw had been made public in March 2017 and a fix was available soon after. Equifax’s failure to proactively fix this vulnerability directly resulted in 143 million affected consumers.
Our paper will address the broader and more far-reaching policies and procedures that companies can implement to protect the data they collect and the consumers who ultimately pay the price.

INTRODUCTION

Protecting consumer data is an important and necessary part of conducting business in today’s information society. Companies that fail to do so properly can lose consumer trust, which can have a major impact on their success as a business.

Companies are increasingly making headlines for failing to take the appropriate steps to protect consumer data. With huge payouts to customers, fines imposed by government counsels, and damaged reputations, enterprise-level companies must find ways to stay ahead of data thieves.

Consumer data must be protected at all costs, and implementing policies to do so is paramount to the success of enterprise-level companies. Consumers ultimately pay the price when a company fails to protect sensitive consumer data, which can lead to a loss of consumer trust in the company and a shift to a more capable company.

The majority of businesses today have a tight security strategy to protect themselves as well as their main source of revenue, their consumers. This type of strategy works only for certain types of businesses, such as small independent businesses, and can be very troublesome for larger corporations. Small independent businesses can protect themselves with regular, standardized data security because they are small and have relatively few consumers. Larger corporations are different because they operate worldwide and have a larger population of consumers. Those corporations can easily lose all of that if a weak barrier is protecting them.

Having very good data security and maintaining it consistently isn’t an easy process. It requires a strong business structure and skillful people to keep it running smoothly without issues. That said, there are multiple occasions where that is just not enough to stop hackers from attacking a company. The scariest part is that the employees who work for the company are the biggest threat nowadays. One good example is the two Home Depot employees who were convicted of identity theft in their own corporate store (Jac Brittain, 2015).

These two employees worked in the human resources department, and because of that they had constant access to employees’ personal information, such as their living status, their families’ personal information, and even their social security numbers. They used that information to open multiple credit cards in those employees’ names, ruining their credit and putting those innocent people in unnecessary debt. They were caught and sentenced to jail, but because of this Home Depot lost major credibility with consumers as well as with its own employees.

Another example would be Equifax. Despite having such a big security team and being a well-known company, Equifax faced a devastating fallout when a system breach exposed the personal information of 143 million consumers as well as its own employees (Sweet, 2017). It all started with a small breach in the system, which opened a gateway for hackers to come in and steal the information they need to ruin a person’s life in the blink of an eye. The security team at Equifax eventually noticed that breach, but by the time they noticed it was too late and the damage was already done. The main problem was that the security team noticed a couple of months late that there was a vulnerability in their personnel system. The security team took proper action and resolved the issue, but they quickly noticed another issue and gradually realized the situation they were in. Eventually, they were able to fix all the problems, but the breach caused such havoc that multiple upper management employees were fired, not only for their negligence but also for how they handled the whole situation. The craziest part is that, for a multi-million-dollar company, there should have been extra precautions taken to prevent this. Unfortunately, there weren’t, and because of that the company incurred such a huge loss that it could easily have gone bankrupt. Surprisingly, it was able to come back from such a disaster and still remains in business, but the question is for how long.

My last example would be TJX. TJX is an American apparel and home goods retail company that operates stores such as Marshalls, HomeGoods and TJ Maxx. It had one of the largest data breaches in history, from early 2003 until mid-2005 and 2006. Over 45.6 million credit and debit card numbers were stolen from one of its systems over a period of more than 18 months by an unknown number of intruders (Vijayan, 2007). The main reason this happened was a lack of data security. When the U.S. Secret Service, the U.S. Justice Department and the police became involved in this matter, they found multiple causes that led to the TJX system breach. One was the company’s carelessness in not recognizing the situation sooner. Another was situation control: TJX could have reacted better and stopped the breach a lot more quickly if it had had a strong security team. The number one reason that led to the breach was a lack of updated systems. “TJX had violated industry security standards by failing to update its in-store wireless networks and by storing credit card numbers and expiration dates without adequate encryption” (Vijayan, 2007). Because of this, its systems were easy prey for hackers. The company eventually took control of the situation and stopped the leak, but in the process it lost major credibility and incurred a huge loss that cost it millions of dollars.

We currently live in the era of modern technology. Right now, technology is the basic foundation of any business. Knowing that, data breaches are certain to happen in any company. Accepting that fact is the quickest way to grasp the situation and focus on making proper contingency plans. Every company should be constantly focused not only on preventing cyber threats but also on having the right capabilities to stop them.

There are multiple steps that can be taken to do so. One is to have a well-educated and knowledgeable security team that is aware of all types of old, modern, and new technology systems, just as a hacker would be. Having someone with that kind of ability can greatly strengthen a company’s security. Another factor businesses have to consider is the requirements for hiring someone into the company. Something this sensitive and important shouldn’t be rushed. For example, when a business loses a valuable member of its security team, it should focus more on the candidate it is interviewing than on how fast it needs to fill the empty position.

The best way to handle this situation is not to jump in and hire that person on the spot but to take one step at a time and do a thorough background check of where that person worked previously and what kind of expertise and experience they can bring to strengthen the company overall. A good way to test their ability is to give them scenarios of issues that have happened in the past and get feedback on how they would approach resolving them.

There are other steps that can be taken to get in front of cyber-attacks. According to Gunter Ollman, there are six steps that he believes would help any company protect itself from such threats. The first and second of the six steps are to trace and closely monitor what is being processed within the organization and to make sure it is fully encrypted at the source, so that it is not easily broken into, especially in systems that store sensitive data. The third, fourth and fifth steps are to create a log system and a strong automated scanning system. The purpose of the log system is to support a regular audit, in which the logs are monitored and checked on a weekly basis to make sure everything is running smoothly. The automated scanning system is similar to an audit, but it goes a little more in depth as far as monitoring and checking go. The last step is the most unique of all the steps: to create a number of “false flags.” A false flag is essentially an empty decoy, or a crash test dummy, that is created to alert the security team if anyone tries to access any type of information within the organization.
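The decoy (“false flag”) records and the weekly log audit described above can be sketched together in a few lines. This is an added example, not code from the essay or from Ollman; the log format, user names, table names, record IDs and the threshold are all constructed for illustration.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample audit log: timestamp,user,table,record_id,action.
# Every name and ID here is hypothetical.
SAMPLE_LOG = """\
2024-03-04T09:12:01,hr_anna,employees,1042,read
2024-03-04T09:15:40,hr_anna,employees,1043,read
2024-03-05T14:02:11,payroll_bob,payroll,2210,read
2024-03-06T23:48:09,payroll_bob,employees,1042,read
2024-03-06T23:48:12,payroll_bob,employees,1043,read
2024-03-06T23:48:15,payroll_bob,employees,9001,read
2024-03-06T23:48:19,payroll_bob,payroll,9002,export
this line is malformed
2024-03-12T10:00:00,hr_anna,employees,1044,read
"""

# Decoy records: planted rows that no legitimate workflow ever touches.
DECOY_IDS = {("employees", "9001"), ("payroll", "9002")}


def parse_log(text):
    """Parse audit lines into dicts, skipping malformed rows instead of failing."""
    events = []
    for row in csv.reader(io.StringIO(text)):
        if len(row) != 5:
            continue
        ts, user, table, record_id, action = (field.strip() for field in row)
        try:
            when = datetime.fromisoformat(ts)
        except ValueError:
            continue
        events.append({"when": when, "user": user, "table": table,
                       "record_id": record_id, "action": action})
    return events


def decoy_alerts(events):
    """Any access to a decoy record is an alert; there is no benign reason for it."""
    return [e for e in events if (e["table"], e["record_id"]) in DECOY_IDS]


def weekly_audit(events, week_start, bulk_threshold=3):
    """Count distinct records each user touched in one week and flag heavy readers."""
    week_end = week_start + timedelta(days=7)
    touched = defaultdict(set)
    for e in events:
        if week_start <= e["when"] < week_end:
            touched[e["user"]].add((e["table"], e["record_id"]))
    counts = {user: len(records) for user, records in touched.items()}
    flagged = sorted(u for u, n in counts.items() if n >= bulk_threshold)
    return counts, flagged


if __name__ == "__main__":
    events = parse_log(SAMPLE_LOG)
    for e in decoy_alerts(events):
        print("DECOY ACCESS:", e["when"].isoformat(), e["user"],
              e["table"], e["record_id"], e["action"])
    counts, flagged = weekly_audit(events, datetime(2024, 3, 4))
    print("weekly distinct-record counts:", counts)
    print("users to review:", flagged)
```

The decoy check fires on a single access, while the weekly audit catches the slower pattern of one account reading far more records than its role requires.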

Those six steps are essential and appropriate for any business. The big issue is that most companies lack the resources. Technologies like these aren’t cheap, and maintaining them can be very costly. Technologies are constantly growing and being updated each day. Keeping up with them is no small task, and many businesses are realizing that. This is one of the biggest reasons why businesses get hit with data breaches. Criminals, just like technologies, are constantly growing and learning each day as well. They’re getting smarter and finding clever new ways to attack companies that are vulnerable or have a weak security system protecting them. The reason is simple: technologies are easy to acquire and can be found anywhere, especially online.

The worst part is that businesses usually don’t realize the full situation before it’s too late. Data breaches can cost millions of dollars and can even go as far as total bankruptcy, to the point where the company is forced to go out of business. There is so much to factor in when there’s a data breach. One obvious factor is the consumers. Because of a data breach, a company can lose so much credibility and so many loyal consumers that it determines whether the company stays alive in the market or closes permanently. Another factor to consider is the investors. Surely there are going to be many downsides when a loss of money is involved, and this can easily decide the fate of a company, depending on whether those investors decide to stay and help or to back out.

The solution to such a tragedy is simple and can be summed up in one word: recovery. System breaches are inevitable, and it doesn’t matter how strong the firewall is, because if someone truly puts in the effort then they can easily hack any system, especially if those people work in teams rather than individually. Recovery is the biggest asset a company can have and should have. Contingency plans should always be the number one priority because they are a good reassurance against anything that the future holds.

Another solution is to contract with a top-notch security company. Yes, this can be a little expensive, but the main question businesses need to ask is what is more important for the company: its overall security, or solely the revenue it is acquiring? The reason it’s smart to go with an expensive, top-notch company is that while you focus solely on the business, they’re looking after all of your assets behind the scenes. The best part of having such a contract is that, if any issues happen down the road, then they’re willing to own up to them and deal with them even if it costs them money in the process, which is a good reassurance.

According to David Lewison, the best solution against cyber threats is for companies to work hand in hand with their insurance companies. The first step is to conduct training sessions. The purpose of that is to build awareness and a level of understanding, so that staff watch out for any suspicious activities or red flags. The second step is to share guidebooks. The purpose of that is to create a program that works well with all systems and targets any miscellaneous activities, which can be very effective if someone misses a red flag by mistake. The best and most effective step is to share news and best practices. The result of this step is to help companies stay fully current on all types of risks, security, and compliance (Lord, N., Ollman, G., Lewison, D., 2017, July 27).

This shows that there are multiple solutions available for data breaches, but that relies completely on how alert a company is and how effectively it can execute those solutions to its full advantage. The real question here is whether companies are fully aware of the type of damage a system breach can cause, or whether they are willingly oblivious to that fact due to a lack of knowledge. After going through all the research, one fact stays true: nothing gets resolved at the last minute, and nothing can be done to reverse the damage once a system has been breached by a third party. It truly depends on how well and how smartly a company acts once something like that occurs. The best way to tackle something like this is to always be vigilant, knowing that a cyber-attack can happen at any moment.

It may not be easy at first to come out of it, but there are plenty of ways to recover. When a cyber-attack occurs, the first step that should be taken is to fully identify and contain the problem. Contact your IT administrators and find out where, when and how it happened. If need be, shut down the whole network, because that will stop any further data from being stolen. Doing so might hurt the company overall, but it’s the most proper and effective action to stop the problem. The next step is to contact an attorney who specifically works with data breaches. While the IT administrators work on getting your data back to normal, your attorney can work on building a strong case around the whole situation and give the company reassurance that the attack doesn’t completely break it. In a way, this can act as a double-edged sword, especially since there is not one but multiple scenarios taking place to make sure the company comes out unscathed or at least with the most minimal damage possible.

The biggest concern with a data breach isn’t the company itself but the data that was stolen, and usually that data is the personal information of the company’s loyal consumers. Data breaches can result in millions, if not more, of private records being stolen, affecting not just the company but everyone whose personal information was forcefully taken without their knowledge. The act is so heinous that the only thing that goes through those hackers’ minds is how much money they’re going to get out of it as a result. They are not one bit concerned about how many innocent people’s lives they have just ruined, which is why it’s best if a company begins to create a recovery revenue bucket.

A recovery revenue bucket is like a safety deposit box where money can be put in, but it shouldn’t be taken out unless it’s necessary. The perfect example would be my insurance company, Delta Dental. Delta Dental has a bucket made solely for education. The rule is that, no matter what happens to the company, that bucket will always remain the same. Money cannot be taken out for no reason. It’s a very strict rule that is always honored, and it doesn’t matter how much hardship the company faces down the road; that rule will never change, as was stated by the president of our company.

If a company chooses to follow such an honorable practice, then the end outcome can be very good. The reason is that it shows the company is being unselfish and is willing to take the initiative of not only rebuilding itself but helping its consumers rebuild as well. Acknowledging and owning up rather than playing the blame game can take any company far, especially if there’s an effective team executing the recovery process. This will give the company exceptional credibility and help it recover a lot faster, because it is willing to go out of its way for its consumers and help them through this tragic process.

With data breaches being so common nowadays, companies should always be on high alert. It doesn’t matter how big or strong the security defense is, because smart hackers always plan everything carefully before they attack, and there’s no telling what resources they have on their side or who is aiding their cause. Companies should pay closer attention to their assets and the proper steps they should take to safeguard them. There are ways companies can fully recover from a complete data breach, but ultimately that depends on how well they handle the recovery stage to regain total control over their systems.

A data breach should never be hidden from anyone. The consequences of not alerting everyone can be a great issue. Reputation and credibility can easily be shattered to the point of no return, which is why it’s best for companies to be completely honest. Being honest means taking ownership. The purpose of that is simple: when a data breach occurs, or if there’s a small hint that someone is trying to hack into the system, immediately alert everyone who may or may not be affected. Communication is the key in such a situation.

There are multiple ways a company can take proper steps with communication to show empathy and accountability. One is to be completely honest and truthful. Another is to not hide anything from anyone, especially the people who invested in the company. It would also be wise to send word to everyone to stay away from company websites and anything related to the company until further notice. The final step is to send a mass update on what actions are being taken to resolve the crisis and what stage the company is currently at, to make sure everyone is fully aware of the whole situation. These key steps are an excellent example of what a company should do in order to earn exceptional loyalty, so that when it does return to the market, it has a good start because of how well it handled the overall situation.

Businesses shouldn’t have the mindset that everything is running smoothly so there’s nothing to fear, because a data breach can easily sneak up on you. That is why it’s best for businesses to have a strong security strategy protecting not only themselves but all their assets as well. In many cases, those assets are their consumers. Businesses should take data breaches more seriously than they do now, especially the ones that believe they’re safe from any threat. We currently live in a world of unpredictability, meaning anything can happen at any given time, which is why it’s best to prepare for any situation or crisis that may or may not come. Most importantly, businesses need to be more honest when a situation like this arises, because hiding something this serious can cause more harm than good in the long run.

Having very good data security and maintaining it consistently is the best solution when trying to safeguard a company and its data. It does require a lot of work and it can get expensive, but having skillful and knowledgeable people is the proper way to keep everything running smoothly with minimal to no issues. Ultimately, when it comes to data breaches, businesses need to ask themselves whether they’re fully protected from cyber-attacks or not, and whether they have the proper tools available to prevent a data breach. Are there enough contingency plans available for a speedy recovery process? And, most importantly, is the security team trained and experienced enough to handle any attacks that may harm the company, especially those who play a big role in it, such as the employees, investors, and consumers?