Category: Mobile Security

Data Breach Reporting: The Who, When and Why

Between 2011 and 2017 there were an estimated 4,732 cyber attacks carried out against American businesses. However, only 24 of those breaches were reported to the SEC by the affected company. Those numbers are surprising, but the fact that companies are tight lipped is not.

Data breach reporting is a highly-sensitive process. Companies know it’s their obligation to inform victims. But going public about the breach can make it harder to clean up the problem and catch the perpetrators. It’s also a major public relations blow to the brand. And since the SEC has guidelines but not federal rules about reporting, delays and excuses are common.

That may be understandable, but that doesn’t make it acceptable. Reporting is an ethical obligation and also a legal liability for companies. Companies that wait weeks, months, or even years to report breaches potentially compound the damage done to victims. If and when those victims choose to go to court, they have grounds to demand much larger settlements. The growth of the industry is largely due to the growth in size and frequency of these settlements.

It’s easy to conclude that companies should report the breach as quickly and completely as possible. Unfortunately, it’s not that easy when so much is at stake. Following these best practices to approach breach notification systematically:

  1. Understand Your Legal Obligation – All states have laws requiring reporting, including the District of Columbia, Puerto Rico, and the Virgin Islands. There may also be other local, state, or federal laws that inform the reporting process. in advance of any breach, and determine exactly when they apply and what they mandate. In some cases the breach must be reported within 72 hours of discovery.
  1. Notify Law Enforcement – This is mandatory ASAP after a data breach. Even if the extent of the breach/victims is unknown, law enforcement must be aware of the incident. Once law enforcement is involved there are professional investigators pursuing the hackers. Contact local officials first. If they cannot help they will recommend you to state or federal officials.
  1. Coordinate the Response – An inconsistent and disorganized response is just as bad as a late response. Pick someone to be the spokesperson, and make sure the message is consistent in public statements, on social media, and in official documentation. It’s possible to if victims are notified but not notified completely or accurately.
  1. Consider Notification Options – The preferred way of notifying victims is through traditional mail. In special circumstances, however, companies are allowed to send out email notifications. Look at the cost of notifications based on the scale of the incident. Then determine how to directly notify victims and how to publicize the incident generally, Most companiedata breach what to dos also include resources on their website, issue a press release, and make spokespeople available to the media.

If the data breach notification process sounds unpleasant your interpretation is accurate. It’s a necessary evil for companies that suffer from a . Unfortunately, avoiding these incidents is almost impossible. The strategy that more companies are taking is to plan for the worst early. Make a plan for responding to an incident, including in-depth details about notification. It may not be able to spare a company embarrassment, but it can spare them expense.

Mobile commerce security not as important as convenience for holiday shoppers

A Trustlook survey showed that consumers will ignore certain risks in exchange for easy shopping.

Mobile commerce security is an important issue this holiday season. Seventy one percent of smartphone owners plan to use their mobile devices to help them along some point of the shopping journey.

Trustlook has recently released a survey with results from which it has made its holiday predictions.

The Trustlook survey focused on smartphone users with Android phones. The goal was to accurately forecast consumer behaviors throughout the holiday shopping season this year. What they found was that 40 percent of the survey participants actually prefer shopping over smartphones. This despite the mobile commerce security concerns that have been holding back the channel’s adoption.

Mobile Commerce Security - Shopping via smartphoneAnother 18 percent of the survey participants said that their preference was to shop in-store during the holidays. The results revealed that 43 percent of smartphone users will be making over $250 in purchases over their devices. The top m-commerce apps were identified as Amazon, eBay and Walmart.

That said, shoppers haven’t taken adequate mobile commerce security steps to protect themselves.

Even though 70.35 percent of participants in the survey said they planned to make a purchase over a smartphone or tablet, they were not protecting their personal and financial data. In fact, a wide majority of people hadn’t even installed security software. Sixty four percent of survey respondents did not have a mobile security app installed on their device.

Trustlook CEO, Zllan Zhang, said “Mobile shoppers need to be more cautious than ever,” adding that “This risk isn’t going away as mobile shopping activity ramps up.”

This is an interesting finding as concerns over mobile security have been among the top cited reasons that people have held off shopping over smartphones. It appears that there is a growing group of people who are moving ahead with smartphone based shopping regardless of that potential issue.

The hope from security firms is that if consumers are willing to ignore the mobile commerce security risk, they will at least take more steps to protect themselves. There are several small steps such as security apps that can help to keep sensitive data safer.