Wednesday, January 22, 2014

Data is the Target

When your logo is a red bullseye and you’re in the retail business, I guess you should expect to be a target.

We are learning that more people were affected by the data breach at Target. We are learning that the breach was likely perpetrated by Eastern European cyber thugs and that tens of millions of Americans may be impacted to the tune of billions.  What we haven’t seemed to learn is that no matter how vigilant and how much is spent seeking to protect the information Crown Jewels, that nothing can protect information completely from the criminals. There will be hacks and data will be stolen. But for the average person, while scary, what it tells them is that they need to take action to protect themselves. Perhaps that means getting identity theft insurance or some protection from cyber crime.  

However, more importantly what does this mean for business? What can be done to mitigate the harm and risk? Insurance shifts the risk and is a good thing but it doesn't solve the underlying problem. More IT security is useful but how many more IT experts can be retained and will that solve the problem? I think not.

While I don’t have all the answers, I do want to share a story that makes the point that process and technology can help minimize the harm.

A few years ago, I was speaking in Southern France to a bunch of Hungarian bankers. They recounted how they were dealing with cyber theft which was a big issue in Hungary especially those people making credit card purchases. To combat theft of credit card info, the Hungarian banks implemented a simple and seemingly inexpensive system whereby every credit card holder got immediate and real time notice of any and all impending transactions on their cards. If the transaction was bogus, a text message could be instantly sent back to the bank to shut down the account and terminate the criminal transaction.

Well maybe the text notification system is not the right or only answer, but it seems like coming up with ways to make the theft less valuable by minimizing the transactions amounts or frequency will take a bite out of crime.

If you can’t undo all criminals hellbent on cyber crime, perhaps we can get creative and interactive to diminish the economic harm.

I’m interested in what you would do about cyber theft.  Email me your ideas at rkahn@kahnconsultinginc.com  



No comments: