Data Breach Case Study

Data breaches and cyber attacks have become increasingly common. Last year there were huge data breaches at large companies such as Target, Sony, eBay, P.F. Chang’s, Domino’s Pizza and many more (McGregor, 2014). According to ITRC (2015), “The number of U.S. data breaches tracked in 2014 hit a record high of 783 in 2014.” (para. 1) A data breach means that sensitive data has been viewed, stolen or otherwise used by a party that did not have authorization to access that data. Data breaches have become so commonplace that it is more common to have been breached than not. It is the responsibility of the company collecting the data to protect the information received from customers. Companies should take precautions and minimize …
Computer and software security includes strong passwords with ninety-day expiration, firewalls, anti-virus and anti-malware software, encryption, and monitoring of updates and patches. Physical security measures include safes, locked cabinets, shredders and surveillance. As crucial as it is to implement physical and computer security, it is just as critical to train employees on the procedures and the proper use of the provided tools. Ongoing security education and instruction will help to prevent careless mistakes that can lead to vulnerability and breach. Creating and maintaining an incident response plan, as well as informing employees of its existence, is significant. In the chaos of a data breach, a guide listing the steps to take will assist in the process.
It is also imperative to define security requirements upfront with vendors and other third-party service providers. It may be necessary to acquire outside services to uphold and maintain appropriate security measures to comply with certain state and federal regulations. Ensuring that the company maintains control of data at all times, especially with data storage or services, is …
Reputation, productivity, and profitability can all be negatively impacted in the aftermath of even a single incident. If a data breach results in actual identity theft or other financial loss, the offending organization may face fines or civil or criminal prosecution. If a breach does occur, it is important to immediately reference the incident-response plan. Time is of the essence: acting quickly can shut down further damage, whether caused by the offender or by noncompliance with state and/or federal regulations. Failure to act promptly could lead to both increased regulatory scrutiny and liability. The immediate goal is to minimize reputation damage and customer hardship; offering credit monitoring might help to prevent further damage to clients and restore a sense of
