There was a recent article in CFO.com by the same title as this article. In the article, the author, Rotem Iram, uses the hypothesis about a data breach that “You can’t lose a customer’s or an employee’s data if you don’t have it.” Essentially, this article says, “A good offense will be your best defense.”
Therefore, you are a victim of a data breach. As I have written previously, it is not an “if,” it is a “when” scenario. How can you minimize both the costs of complying with federal, state and local laws and the regulator fines, if any?
Mr. Iram’s contention is not to keep any data, specifically data that will cost you money.
For example, if you do not keep customers’ addresses, you cannot be required to mail them a letter via the US Postal Service telling them they’ve been hacked.
However, before he even proposed that ditty, he said to destroy those records. His example on the surface makes sense; but if he were a CFO and not the CEO of a company that provides Cyber-Insurance, he would know you just can’t do that willy-nilly.
His example, “In 2015, the health insurer Anthem and its affiliates served 69 million customers, yet when they were breached that year, they exposed 78 million records. The extra nine million records most likely come from former customers.”
Now granted, you can archive old addresses off-line. You can even destroy records that meet the statutory maximum age. However, he glossed over that point.
Not everything was off the cuff
He did make some very valid points.
- Make sure your log files capture the right data to prove that “even if they were attacked, no records were improperly accessed.”
- If you take credit cards, make sure to only use chip readers. “MasterCard reported a 54% reduction in counterfeit card fraud costs at retailers who have switched to chip cards.”
- While he didn’t say this, I will suggest that you don’t keep records of the credit card transactions. Use a 3rd party merchant that is PCI compliant and just sends you the pertinent data for finalizing your order as being paid. As Mr. Iram said, if you don’t have the data, you cannot be held responsible.
- If you get breached, get experienced people to work the breach, your response and the on-going public relations nightmare.
- Lastly, and this really should have been the first thing mentioned in this article: implement state-of-the-art counter-cyber intrusion systems. They may not stop a breach, but they do show that you have done everything possible, which could minimize any fines or court awards when you lose the lawsuit(s) that will be filed.
I just received this email… and it made me chuckle….
From: Eric Johnson <email@example.com>
Subject: * SBA.NET.WEB approved at 3.75%
Good morning Wayne!
Just wanted to follow-up on our conversation that we had last November 11th, in regards to SBA.NET.WEB’s new projects. We ran a D&B analysis and you scored 76 out of 80 which places you at the top tier in your industry. We still have SBA.NET.WEB approved for a line of credit at 3.75% with access to funds for at least $324,646.00. These funds can be used for unsecured working capital lines of credit or new and used equipment purchases.
Call anytime to confirm exact numbers for your funds or simply click here to get a free quote.
President of Financial Services
(949) 390-5411 Office
(949) 242-2697 Fax
“This communication is confidential and may be legally privileged. If you are not the intended recipient, (i) please do not read or disclose to others, (ii) please notify the sender by reply mail, and (iii) please delete this communication from your system. Failure to follow this process may be unlawful. Thank you for your cooperation.”
Copyright © 2017 US Business Funding
Our address is 1 MacArthur Pl #350, Santa Ana, CA 92707
If you do not wish to receive future email, click here.
People just don’t get it.
This is a story of a Social Media Lie. And if you are reading this blog entry, their mistake has cost them. I’m sure you will have a negative impression of those companies involved in this blunder.
I received an email on Thursday, 7/6 from a guy named Ryan at Heliumsocial.com.
The first four words of the email were a lie: “I tried calling you”. I mean really, you didn’t think I’d check my voice mails? And if you called and didn’t leave a message, you didn’t call.
The company that was being pitched was Boxxeo. Hmmm, two different companies. So who actually sent the email, Heliumsocial or the CEO of Boxxeo who signed the email?
I tried calling the number listed for the CEO and got some guy who wasn’t the CEO of Boxxeo. This gentleman didn’t quite get the point that you can’t get business or start a new relationship with a lie.
Social Media Consequence
Moral – don’t do business with Heliumsocial.com or Boxxeo.com.
You’re in the C-Suite; what would you do now that the event has happened? What advice would you give both companies and how do you save your reputation?
Maybe they should have used SBA * Consulting, as we can provide outsourced Marketing advice…
Planning is not easy
SBA * Consulting is currently working with a start-up company. The CEO and COO are actually old hands in the industry. But nevertheless, this is a start-up and we are starting from scratch. We are planning for everything since nothing has been created.
There is no Chart of Accounts, no logo, no policies on returns, and no warehouse yet. We have a product line, but no branding. We haven’t decided on the office layout and the buildout hasn’t even started.
Let’s not even talk about the website and the e-commerce solution or any other part of the information technology schema. We are a start-up.
In our project management outline, we have approximately 150 different items to discuss. Some are “now” items; others are next month and next quarter. However, all are important and need to be addressed.
This is a story of a company that is currently using Excel instead of a real accounting system.
I recently was talking to a prospective client who has been in business multiple years and is doing rather nicely. They are on the cusp of a dramatic increase in sales and as such knew that they needed to bring on, in some capacity, a Chief Financial Officer.
Accounting System vs Excel
During the course of our wide-ranging discussion, I asked what accounting system he was using. His answer was a little shocking in that this established, multi-year business was using Excel spreadsheets. When I said that was really an insufficient and potentially dangerous way to keep one’s books and records, he asked why?