Call 855-808-4530 or email [email protected] to receive your discount on a new subscription.
If 2017 was considered the “year of the data breach” as the number of incidents hit a new record high of 1,579, 2018 might get even more serious. Just a little more than halfway through 2018, the number and scale of data breaches that have already been reported is staggering. To name a few, In March, Under Armour announced that a breach affected an estimated 150 million users of its food and nutrition application; In April, Facebook notified 87 million members of its platform that their data had been shared; and in June, EXACTIS leaked a personal info database with 340 million records.
|In the latest breach to make headlines, mega department store Macy's fell victim, as revealed in an emailed letter sent by the company to its affected customers confirming that an unauthorized third party accessed online customer accounts between April 26 and June 12 this year. Macy's also sent a letter to the New Hampshire Attorney General's Office on July 2 to notify them that 753 New Hampshire residents were affected by the breach, which detailed that it was alerted to an influx in abnormal login activities on macys.com and bloomingdales.com (owned by Macy's, Inc.) by their security suite on June 11. The leaked info may include customers' names, addresses, phone numbers, email addresses, birthdays, and credit and debit card numbers with expiration dates.
|Macy's isn't the only retailer to make headlines this year because of leaked data — the list is long and includes: Orbitz, Under Armour, Best Buy, Delta Air, Kmart, Lord & Taylor, Panera Bread, Saks Fifth Avenue and Saks Off 5th, and Sears. In fact, Trustwave's Global Security Report found that the retail industry was the most compromised sector for a fifth year in a row, and the primary target is payment card data.
These attacks aren't random, and there are plenty of reasons that hackers go after retailers. Even the strongest retail players are at risk: with massive amounts of customer information being stored across multiple channels, combined with limited IT resources (and sometimes a hodgepodge of new and old systems and hardware — or just fully antiquated systems altogether), the task of successfully defending their networks from vulnerabilities is daunting to say the least. Other reasons that retailers are at risk include:
The increasing normalcy of data breaches in the retail industry has highlighted the fact that retailers need to be doing more — particularly in terms of protecting customer data. This must start from the inside out. Data security and compliance must crosscut the entire organization. Leaving this significant task just to IT or another dedicated department fails to address the larger issue: all staff are stakeholders in a company's data protection, and therefore must be trained on security best practices and requirements on an ongoing basis.
Indeed, the most common (and easiest) way for hackers to access and steal sensitive information is through spear phishing: a form of phishing in which a hacker attempts to target one or more individuals using finely-tuned, personalized tactics to trick users into breaking security procedures. As one of the most successful forms of phishing on the Internet today, over 90% of all cyberattacks are successfully executed with information stolen from employees who unwittingly give away their system ID and access credentials to hackers. For the most part, this is behavior that can be rectified with more training and vigilance, which is why education of all employees is so important.
Retailers that make cybersecurity a top priority will reflect that in all aspects of their business. Ultimately, it should be a part of the company culture and, as such, echoed in all procedures and policies. This should also extend to vendor relationships, as information theft can also happen unknowingly through vendors or third parties that companies transfer information to. If these third parties don't have the same security standards as the organization, it's important to find one that does.
The truth is, however, no matter how stringent and robust a retailer's security mechanisms are, there is nothing it can do to make its organization 100% immune to a security incident. Therefore, because retailers can have the latest and greatest of security measures in place, and there will still always be cyber threats present, offering identity protection to their customers (and their employees) is just one more precaution to help safeguard their information. In general, there are already so many other gateways to identity theft (and the resulting fraud), that having comprehensive identity protection just makes sense.
|Following any high-profile data breach, everyone should take measures to stay safe and secure on and offline. They should monitor all activities on their financial and credit card accounts, credit data, lock down their login information by using two-factor authentication, review any information from their insurance companies and/or explanation of benefits, and sign up for an identity protection service that includes identity and credit monitoring and resolution services — even better if this service is in place before being affected by a breach.
Comprehensive monitoring services should include Internet surveillance, compromised credential monitoring, and credit data monitoring. The monitoring should also include alerts so that if a customer's information is detected on the dark web, they can quickly assess and work with resolution experts to minimize the impact.
Monitoring and prevention are key, however, in today's digitally connected world, the ubiquity of data has made prevention only half the battle. The reality is, no matter how comprehensive the monitoring is, there is always a chance that your identity gets stolen. Identity theft happens when criminals use stolen data to apply for loans, obtain credit, or commit fraud. While the rise in data breaches hasn't been proven to have directly caused the rise in identity theft, the correlation in statistics' rise certainly indicates a trend.
Identity fraud resolution is time consuming and stressful, and victims can very easily spend hundreds of hours trying to resolve their issue. Research shows that on average, it takes a victim of identity theft anywhere from 7 to 40+ hours to resolve their case. For this reason, it is critical for companies to take preventative steps to help mitigate the fall-out if they do fall victim to identity theft.
Furthermore, it is important for victims to have access to dedicated experts who can help resolve this major issue, with compassion and patience. According to the newly-released ITAP Report 2018 sponsored in part by Generali Global Assistance, emotional distress is by far the most common type of loss when faced with an identity theft issue, applying to 75% of all incidents (financial loss is the next most common, at 54%).
A full-service identity theft and fraud resolution provides compassionate care and attention to customers who are often stressed and unsure what next steps to take, which would help not only lessen the impact to people affected, but also hopefully lessen any negative impacts on customer retention for the company, should a breach be the cause of the fraud. Offering to help customers in their hour of need can help build loyalty between a company and its customers.
If your organization already has an identity theft resolution service in place for customers, they will already be more knowledgeable than the average person in dealing with a data breach — and importantly, much better protected when it comes to dealing with the aftermath of one. And in today's world, there's immeasurable value in that.
*****
Paige Schaffer is president and COO of Generali Global Assistance's Identity and Digital Protection Services Global Unit.
|ENJOY UNLIMITED ACCESS TO THE SINGLE SOURCE OF OBJECTIVE LEGAL ANALYSIS, PRACTICAL INSIGHTS, AND NEWS IN ENTERTAINMENT LAW.
Already a have an account? Sign In Now Log In Now
For enterprise-wide or corporate acess, please contact Customer Service at [email protected] or 877-256-2473
End of year collections are crucial for law firms because they allow them to maximize their revenue for the year, impacting profitability, partner distributions and bonus calculations by ensuring outstanding invoices are paid before the year closes, which is especially important for meeting financial targets and managing cash flow throughout the firm.
Law firms and companies in the professional services space must recognize that clients are conducting extensive online research before making contact. Prospective buyers are no longer waiting for meetings with partners or business development professionals to understand the firm's offerings. Instead, they are seeking out information on their own, and they want to do it quickly and efficiently.
Through a balanced approach that combines incentives with accountability, firms can navigate the complexities of returning to the office while maintaining productivity and morale.
The paradigm of legal administrative support within law firms has undergone a remarkable transformation over the last decade. But this begs the question: are the changes to administrative support successful, and do law firms feel they are sufficiently prepared to meet future business needs?
Counsel should include in its analysis of a case the taxability of the anticipated and sought after damages as the tax effect could be substantial.