Digital Strategy, Risk Management

Managing Data Breaches and Cyber Risks

23 Nov , 2014  

Data Breaches Impact Reputations and Customers

A data breach can lead to terrible consequences for you and your customers. In addition to devastating financial losses, the damage to your reputation and brand may be irreversible. Yet, despite the risks, some firms still view cyber crimes as random events. They take a “this will never happen to me” approach. On the contrary, it can happen to you and there are things you can do to prevent it.
For one, know that hackers don’t pull names out of a hat. They target firms for precise reasons. Either you have something they want or they’ve spotted a weakness in your system that makes you vulnerable. Consider TJX. In 2007, the retail giant reported the largest data breach in history. Out from under the company’s nose, cyber criminals made off with more than 45 million credit and debit card numbers. It turned out the crooks had been siphoning data for nearly two years before TJX detected the breach. How did the hackers do it? They intercepted insecure wireless payment information TJX was sending to its credit card authorizers and banks. TJX was using an outmoded WEP encryption instead of the more secure WAP. The company elected to not install the latest encryption technology, figuring the risk of a breach was low. Sounds familiar. It was also at work in the Target and Home Depot cases. You might argue, TJX’s business was retail, not technology. What did its management know about cyber crime? Probably not as much as they do now. But had they taken the risks more seriously, the event likely would never have happened.
Employees present a risk, too
Sometimes cyber criminals get help from employees inside a company. In 2011, an RSA employee retrieved an email from his junk folder and opened it. The email contained a malware that gave cyber thieves a foothold and allowed them to burrow into the company’s network. That one employee’s oversight ended up costing RSA and its parent company EMC $66 million. Other times, employees inside a company become the cyber criminals themselves. Booz Alan Hamilton gave its employee Edward Snowden access to classified information. Snowden, in turn, went against his employer’s client, the US government, by going public with that information. JP Morgan, Barings Bank and Société Générale are examples of other companies that also have experienced employee fraud or data breaches.
Tips for securing your data
We live in a data-driven society. Fortunately, you can do a few things to mitigate loss, and ensure your data is more secure.
1. Pay attention to the tiniest of details – As we rely increasingly on data automation to do our heavy lifting for us, we open ourselves up to the dangers of processing data inappropriately. Cloud storage and file sharing add to that risk. It’s best to take a detailed approach to examining data flows. Small holes easily can turn into flood gates.
2. Partner with best-in-class data firms – TJX lost money not because of a bad business model or even poor customer service. It lost money because of how it transferred credit card data, a task far outside of running a department store. Target, Home Depot, and many more are suffering the same. Be honest about what you do best and don’t be afraid to partner with experts in data risks and management.
3. Know your employees and their actions – A broad universe of tools (social networks, blogs, and intranet postings) is available for monitoring employee behavior. Many firms even deploy keystroke tracking software to comb messages and emails for legal issues. It is important to educate employees on how their actions can impact a company’s overall data security.
4. Customers expect more than the law – Laws exist that set clear direction on how companies need to process financial and health care data. But as more firms allow data sharing with web services and third-party apps, the risks become greater. Management needs to look to customer expectations regarding the treatment of data.

Professor Walker provides keynote talks, seminars presentations, executive training programs, and executive briefings.

Recent talk topics enjoyed by clients have included:

From Big Data to Big Profits: Getting the Most from Your Data and Analytics”

“Data Monetization”

“Leveraging Artificial Intelligence and Automation at Work”

“Winner Take All – Digital Strategy: From Data to Dominance”

“Success with an Inter-Generational Workforce: From Boomers to Millennials”

“FinTech, Payments, and Economic Trends and Outlooks in Consumer Lending”

“The World in 2050: Risks and Opportunities Ahead”

Exceptional executive training programs have included:

“Digital Disruption, Automation, Analytics, Data Science, the IoT, and the Big Data Wave”

“Master Course on Operational Risk: Measurement, Management, Leadership”

“Complete Course in Risk Management: Credit, Market, Operational, and Enterprise Risk”

“Cyber-security Training: Prevention, Preparation, and Post-Analysis”

“Managing Your Brand and Reputation in a Crisis.”

“Strategic Data-Driven Marketing”

“Enterprise Risk Management and the CRO”

Professor Walker has provided these talks and programs to leading firms and governmental organizations. Click here to learn more about his talks, references from clients, options for customized talks and programs, and details on scheduling a program for your organization.

, , , , , , , , , , , , , , ,

By  -      
Russell Walker helps companies develop strategies to manage Risk and harness value through Analytics and Big Data. As Clinical Professor at the Kellogg School of Management of Northwestern University, Russell Walker has developed and taught leading executive programs on Big Data and Analytics, Strategic Data-Driven Marketing, Enterprise Risk, Operational Risk, and Global Leadership. He founded and teaches the popular Analytical Consulting Lab and Risk Lab, experiential classes, which bring Kellogg MBAs together with real-world projects in Analytics and risk evaluation. His is the author of the book From Big Data to Big Profits: Success with Data and Analytics (Oxford University Press, 2015) which examines data monetization strategies and the development of data-centric business models in the new digital economy. He is also the author of the award-winning text Winning with Risk Management (World Scientific Publishing, 2013), which examines the principles and practice of risk management as a competitive advantage. Dr. Walker consults with firms on the topics of Big Data and Analytics, Risk Management, and International Business Strategy. Russell Walker can be reached at: russell-walker@kellogg.northwestern.edu @RussWalker1492 russellwalkerphd.com



Leave a Reply

Your email address will not be published. Required fields are marked *