Well, that didn’t take long … last week we learned of the Zappos data breach, and this week Zappos and its parent Amazon were named in a class action lawsuit claiming the shoe retailer didn’t adequately protect customers’ information.
According to the Associated Press, “Zappos alerted employees and customers by email Sunday that names, phone numbers, and email addresses of its customers may have been accessed in a hacker attack. The company said customers’ credit card and payment information weren’t stolen.”
The AP also reported, “The civil negligence lawsuit seeks unspecified millions of dollars in compensatory and exemplary damages for emotional distress and loss of privacy, along with a court order for the company to pay for customer credit monitoring and identity theft insurance and periodic audits to ensure customer data is secure.”
If data breaches are happening to the big companies like Zappos, how exposed is your company? Do you have the necessary compliance parameters in place to satisfy the feds, state and the plaintiffs’ attorneys in the event of a breach? Do you have the proper insurance in place as well?
As you’ve probably heard, Zappos, the online shoe retailer, has experienced a data breach of 24M customers’ names, email addresses, billing and shipping addresses, phone numbers and last 4 digits of their credit cards.
Zappos believes the cyber attack was by a criminal who gained access to their internal network.
Fortunately, at least on the surface, it seems Zappos has a privacy & security program in place that involves a breach response strategy whereby customer service reps have been taken off the company’s toll-free order entry line and deployed to respond to customer email. A program such as this is part of both Federal and most State compliance requirements on how to handle sensitive information.
Is your company prepared for the inevitable data breach?
Do your employees use Facebook either at work or at home or both? Are you sure they have malware protection on their business related laptops and personal computers?
Are you aware that every day an average of 160 million Facebook users are exposed to malware? Or that each day 600,000 attempts are made to hijack Facebook users’ accounts?
Be sure you require every employee to have malware protection on any computers accessing your company databases. Otherwise, criminals may get access to your employees’ passwords and logins and thus have access to your data. And that would be considered a data breach.
As many of us travel to spend the holidays with family and friends, we can protect ourselves from identity thieves with a few simple maneuvers:
- Avoid using public Wi-Fi when purchasing items and logging into password protected accounts (especially your bank).
- Turn off the Bluetooth setting on your phone when not using it. Hackers can scan your phone and access all of your stored information.
- Use a screen protector for your laptop and smartphones so thieves can’t see your logins and passwords.
- Avoid announcing/talking about your travel plans on social networks.
- Consider using an “app” that will track your phone if you lose it and/or delete data.
Travel safely and enjoy the holidays!
This year, an estimated 36% of holiday shoppers will purchase online and a whopping 18 million Americans will use their mobile devices to do so.
If you’re one of these statistics, here are some suggestions you can implement to protect yourself:
- Avoid having websites remember your login and credit card account number.
- Add a password to all laptops and mobile devices in case they’re lost or stolen.
- Make sure your security software is up to date.
- Don’t open emails from sources unfamiliar to you.
- Clear cookies on your computer.
- Make sure websites you’re using to purchase items contain an “s” (https://).
Happy Holidays!
Recently, Kim Holmes, Asst. VP of Chubb Specialty Insurance shared four key data loss preventative measures for hospital executives in Becker’s Hospital Review.
1) Create a culture of security. Holmes said “ … make sure it’s part of the organization’s day-to-day operations … an alive and breathing process so all employees are part of the solution of preventing a data breach or responding to one if it does happen.”
2) Encrypt data. According to Ms. Holmes, “… encryption can help hospitals prevent data breaches and minimize damage if a breach does occur.”
3) Develop written indemnification agreements with third parties. Holmes says, “Hospitals and health systems need to have written indemnification agreements in place with third-party service providers and vendors as a means to possibly mitigate financial losses if a data breach occurs at a third-party vendor.”
4) Manage the provider-vendor service relationship. Make sure the vendors have appropriate security measures in place to prevent a data breach. Ms. Holmes suggests, “One strategy is to require the vendor procure cyber security liability insurance.”
All of these recommendations also come from our federal government in order to comply with the privacy/security/data loss laws and pertain to every type of employer, not just healthcare providers. Do you have these parameters in place?
NC State researchers have developed what may be a way to help protect personal information.
i-NVMM is a hardware encryption system that uses an algorithm to detect data the processor probably does not need.
Dr. Yan Solihin, associate professor of electrical and computer engineering, says, “The algorithm detects idleness so any data not currently in use – such as your credit card number – is automatically encrypted.” In addition, Solihin said, “While 78% of the main memory is encrypted when the computer is in use, the remaining 22% is encrypted when the computer is powered down. Unless someone accesses your computer while you’re using it, all of your data is protected.”
Although most days it seems the criminals are several steps ahead of the good guys, here’s an example of some good news on the cybercrime front.
© 2008-2012 Julie Ryan All Rights Reserved