Stop me if you've heard this one: a major U.S. retailer was hit with a massive data breach. It sounds familiar because it is. But this time, we're not talking about Target. We're actually talking about a new data breach that could be the largest in history.
Nothing is official yet, but according to a Bloomberg News report, Secret Service officials are working with Sears to investigate a possible data breach on its networks. So far, Sears has said it hasn't found any evidence of a breach. But the investigation is ongoing.
You might be wondering why Sears is looking for a breach in the first place. This brings us to an important question…
How Do IT Professionals Know When They’ve Been Hacked?
A small business might not even notice when it's been hacked. Some malware is designed to lie in wait and sneak off with data in the middle of the night when no one is monitoring the network. This means that many companies learn about a data breach secondhand when…
- Customers see erroneous charges on their accounts.
- Security firms find evidence of a hack and trace it back to the company.
Allvoices.com reports that journalists first started talking about this new data breach when a security firm posted that it had found 360 million compromised login credentials and over 1 billion email addresses posted in hacker forums.
Security firms monitor these online black markets. When they see someone post new stolen IDs and credit card information, they know there's been a hack somewhere. From there, security companies use a variety of techniques to figure out where the stolen data could come from.
It's worth repeating that Sears hasn't officially acknowledged the breach, and so far, the company says it's found no evidence. What we do know is that a large company – possibly multiple companies – was hacked and 360 million user logins were exposed.
Going on the Offensive: A Better Way to Fight Breaches
The ongoing investigation at Sears is an important reminder for tech companies of all sizes: you or your clients can be hacked, data can be stolen from under your noses, and you'd better be prepared.
As officials at Sears scour their records for evidence of malware or suspicious behavior, security consultants and IT project managers should think about what they would do in these situations.
Here are some tips to help you mitigate the risk of data breaches:
- Monitor activity logs, network traffic, and other system activity.
- Keep software up to date (one of Target's problems was that it used an obsolete algorithm to encrypt PIN data).
- Remind employees (and client employees) of proper mobile security.
- Have a plan in place in case you are hit with a data breach (see our suggestions in "Data Breach Response Guide").
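As an added example (not from the original article), here is one way to act on the first tip and catch the "middle of the night" data theft described earlier: total each host's outbound bytes to external addresses during a quiet window and alert above a threshold. The log format, quiet hours, internal range, threshold, and host names are all assumptions, and the sample records are constructed.

```python
import ipaddress
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample flow records: timestamp, source host, destination IP, bytes sent.
SAMPLE_LOG = """\
2014-03-03T10:15:02 pos-01 10.0.5.20 48211
2014-03-03T14:40:11 pos-01 203.0.113.10 9120
2014-03-04T02:10:45 pos-01 198.51.100.77 310482911
2014-03-04T02:55:09 pos-01 198.51.100.77 287119004
2014-03-04T03:05:30 backup-01 10.0.9.4 912000331
2014-03-04T09:02:17 web-02 203.0.113.10 15200
2014-03-04T23:30:00 web-02 203.0.113.10 20480
"""

QUIET_START, QUIET_END = 22, 6                         # assumed quiet window: 22:00-05:59
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]   # assumed internal address range
THRESHOLD = 100 * 1024 * 1024                          # assumed alert level: 100 MiB per night

def is_internal(ip):
    addr = ipaddress.ip_address(ip)                    # raises ValueError on bad input
    return any(addr in net for net in INTERNAL_NETS)

def off_hours_egress(log_text):
    """Sum external outbound bytes per (host, night) inside the quiet window."""
    totals = defaultdict(int)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue                                   # skip malformed records
        try:
            ts = datetime.fromisoformat(parts[0])
            nbytes = int(parts[3])
            internal = is_internal(parts[2])
        except ValueError:
            continue                                   # skip unparsable fields
        if internal or QUIET_END <= ts.hour < QUIET_START:
            continue                                   # internal traffic or business hours
        # A night spans midnight: count early-morning traffic with the previous date.
        night = ts.date() - timedelta(days=1) if ts.hour < QUIET_END else ts.date()
        totals[(parts[1], night)] += nbytes
    return totals

def alerts(log_text):
    """Return (host, night, bytes) for every host over the threshold."""
    return sorted((host, str(night), total)
                  for (host, night), total in off_hours_egress(log_text).items()
                  if total > THRESHOLD)

if __name__ == "__main__":
    for host, night, total in alerts(SAMPLE_LOG):
        print(f"ALERT {host} sent {total} bytes off-hours on the night of {night}")
```

A fixed threshold is the simplest starting point; comparing each host against its own history reduces false alarms from legitimate overnight jobs that send data off-site.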
These steps can help you reduce your cyber risk, but you can't eliminate it completely. IT professionals have what is called third-party data breach liability. That's a mouthful. It means you can be sued when clients are hacked.
You might have dozens of clients. That means you have dozens of liabilities. Errors and Omissions Insurance covers your third-party cyber liability, paying for lawsuits when a client sues you over a data breach.
While implementing strong security standards and educating your clients is important, don't forget to protect yourself. E and O coverage is made to protect IT contractors from their tech liabilities, software litigation, and data breach lawsuits.