The Target security breach is proof positive that human error, or dare I say apathy, is a key factor in not just a security breach, but also data loss and even costly downtime.
Who remembers the episode of Seinfeld in which George, while shopping with his fiancé Susan, feels compassion for the security guard in the men’s clothing store who must stand all day? The store did their due diligence in hiring a qualified security guard, and positioned him by the front door where he could serve as the first line of defense against criminals. And while George and compassion don’t usually go in the same sentence, for some reason he felt compelled to provide the security guard with a chair to make him more comfortable. A rocking chair, no less.
The problem? The security guard got a little too comfortable. Fade to the final scene: the security guard is fast asleep; rocking away, while the store is being robbed. So much for taking proper measure against a security breach.
According a BusinessWeek article on the breach, it could appear that Target took the proper steps to avoid such an attack. Just six months earlier Target worked with a computer security firm to install a $1.6 million malware detection tool. Part of the equation was a team of security specialists with the job of monitoring Target’s computers. And what do you think happened when the now infamous hackers started their attack? The malware worked! Then how could Target possibly lose 40 million credit card numbers, 70 million addresses, and other personal information?
“What it hasn’t publicly revealed … Poring over computer logs, Target found [the malware] alerts … early enough that the hackers hadn’t begun transmitting the stolen card data out of Target’s network. Had the company’s security team responded when it was supposed to, the theft that has since engulfed Target, touched as many as one in three American consumers, and led to an international manhunt for the hackers never would have happened at all.” BusinessWeek
Here are a few lessons we can take from George and his security guard and the Target breach.
- Don’t fall asleep on the job.
- Take every security warning seriously.
- Be prepared. And then prepare again.
- Take malware seriously. Research shows that in 2010 there were 49 million new strains of malware. Scary to think what the number is today.
Of course malware precautions are only the first step. What if the malware immobilized Target’s systems, can you imagine if their systems were inoperable on top of it all? Downtime would not be a good thing for a business like Target, right before Christmas.
As a Managed Service Provider you’ve probably seen your fair share of malware, server crashes, power outages and IT disasters. The most thorough solution to mitigate downtime in the event of such a disaster is a hybrid cloud-based Business Continuity solution. And with Datto Tech Support available 24/7/365 you can relax, at least a little. But save the rocking chair for home.
Holly Wainwright is Director of Marketing at Datto. Datto Inc. is an award-winning vendor of backup, data recovery (BDR) and intelligent business continuity (IBC) solutions, providing technology and support to more than 5,000 channel Partners throughout North America and Europe. Datto’s hybrid-cloud BDR/IBC technology provides instant on- and off-site virtualization of servers and workstations, serving the needs of small to medium-sized businesses.