What’s the real cost?

The recent data breach at Bethpage Federal Credit Union has compromised 86,000 consumer debit account records.  The breach was the result of a simple human error, and the lack of policies to ensure that such errors would not happen.

This is no small issue for Bethpage, given the costs associated with the cleanup:

  • Reissuing 86,000 credit cards
  • Paying for credit monitoring for the 86,000 customers affected by the breach
  • Loss of customers
  • Loss of reputation
  • Hiring security firms to monitor access to the files

Plus, they still have to put a long-term solution in place to prevent a similar breach from occurring in the future – a solution that they should have had in place a long time ago.  The solution needs to have multiple levels of security, and should ideally make use of all of the following:

  1. Disable anonymous access to their servers.  This alone could have potentially prevented the servers from being indexed by Google.
  2. Use server software that forces selection of strong passwords
  3. Install a reverse proxy server outside of their firewall to enable closing inbound ports
  4. Encrypt the data on the server
  5. Enforce policies about where sensitive data can be posted

These steps are inexpensive and easy to implement, which begs the question:  why weren’t these technologies in place a long time ago?  And if they were, why were internal policies unclear or unknown to employees?  Other credit unions should take heed.  While this data breach shows no indication that data was actually downloaded and used, hackers will certainly take notice and test other credit unions for similar situations.

Implementing an MFT solution like Cornerstone MFT now can save a tremendous amount of expense, effort and embarrassment later.  Cornerstone includes a web interface that can easily be made available to any or all employees who may need to post data on company servers.  A simple policy requiring users to only post sensitive data through this interface would eliminate the possibility that the user will erroneously believe that a server is secure.
