Data Breach - It can happen to you!
Posted on 03.07.17
By Scott M. McAuliffe, Risk Advisory Services Partner | Cybersecurity Services Team
It seems on a daily basis, we hear about large companies, such as Yahoo, LinkedIn, Oracle, and Dropbox that have suffered a significant data breach. When seeing these headlines, most small- and mid-size businesses probably think that it will not happen to them. Why would a criminal target my business? My business is not big enough to be targeted.
Well, as I read the Richmond Times Dispatch this week, the myth that small- and mid-size business are not targets was dispelled.
A well-known local market in Richmond fell victim to an Email Scam that resulted in the theft of 360 current and former employee W-2 tax forms, which house sensitive information including names, addresses, social security numbers, and wage data. These documents are likely to be sold to identity thieves filing imposter tax returns or taking out loans in the victims’ names.
According to a 2016 Ponemon Cost of Data Breach Study: United States, the cost incurred for each lost or stolen record containing sensitive and confidential information is $221/record. If those numbers hold true, the local market may incur losses of $80,000 resulting from the data breach, which is not a trivial amount.
John DeMarzo, Keiter Risk Advisory Associate, wrote an excellent blog providing an example of what these phishing emails might look like, as well as tips to help protect your business.
Do not let this happen to your organization. Make sure you and your employees are aware of these scams and implement these simple steps to stop it from happening to you.
Access our additional cybersecurity updates and informational articles.
Scott leads the Firm’s Risk Advisory Services practice, which focuses on providing cybersecurity services, internal audits, information technology audits, Service Organization Control (SOC) audits, and Sarbanes-Oxley assistance. Scott focuses on providing his clients with cost effective solutions to build strong, efficient internal control systems/practices that support their strategic objectives. Read more of Scott’s insights on our blog.