How to Stay Protected in this New Age of Data Breaches
The rate at which data breaches are hitting and impacting businesses shows no sign of slowing. In fact, according to the Identity Theft Resource Center, the number of breaches so far this year has already surpassed the number of breaches around the same time last year by almost 35%. (Here’s a list of breaches that have already occurred this year.)
Security breaches keep happening because they can. In the payments industry in particular, there have never been more options for consumers to purchase goods and services, whether it’s through an e-commerce website or with a mobile device at a cafe. Omnichannel payments have provided convenience for both sides of the transaction, but they have also become opportunities for criminal hackers, and as a result, vulnerabilities for consumers.
What do hackers do with the information they steal? Engage in fraudulent activity with stolen identities. However, this doesn’t necessarily happen right away. According to a report from Javelin Advisory Services titled "2017 Data Breach Fraud Impact Report: Going Undercover and Recovering Data," three-quarters of total fraud losses for last year arose from individuals who had been victims of a data breach within the previous six years. Not comforting. So, if you made a purchase at a company that then experienced a data breach, you might be paying for it years down the road. As a customer, that’s a pretty scary thought.
Businesses need to do their part. It is absolutely the responsibility of a business to ensure their data and the data of their customers is safe, whether it’s being processed or it’s at rest, being stored in a database. Customers put trust into merchants they give their business to, assuming their information will not be exposed outside of the transaction they’ve engaged in.
But, it happens. It happens to businesses of all kinds: small or giant. Just recently two major brand names were hit hard by breaches: restaurant chain Chipotle and retailer Kmart. This is also the second time that Kmart has been hit with malware affecting its payment systems. Even household names are struggling to protect themselves and their customers. Have data breaches become somewhat inevitable? Yes. However, businesses have the tools available to them to protect themselves against the impact of a data breach.
Proactivity and preparation are everything. All too often, more energy is put into cleaning up the mess after a breach has occurred than into planning ahead and preparing for one. Everyone should have an incident response plan to control the situation during a breach. This will help you control actions and communication, and ultimately lessen the impact of a breach. Let’s not forget that coupled with that plan should also be the development and consistent updating of a comprehensive security program, to prevent the actual impact of a breach.
A risk management program will help you decide where to focus your energy and close your biggest vulnerabilities first. At least once a year, conduct a risk assessment with as large a scope as you can. Bring in stakeholders from all over the business and openly discuss where each group sees areas for improvement. It’s also helpful to evaluate your business on a security maturity model such as COBIT.
What should you include in your security program? Powerful security solutions. The PCI Security Standards Council recommends payment data solutions like tokenization and point-to-point encryption (P2PE) that can not only help businesses better manage PCI compliance, but also provide strong, modern encryption. Tokenization won’t keep a hacker from breaching a system but it drastically reduces its impact. Tokenization is a process that replaces actual sensitive data, like a credit card number, with a valueless token that’s otherwise useless to a criminal seeking the information. Combined with P2PE, a solution that protects sensitive data with encryption from the moment it is captured through its full lifecycle, businesses can prevent the use of sensitive data for fraudulent activity in the event a system or network is breached.
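The sketch below is an added illustration of the tokenization idea described above; it is not code from CardConnect or the PCI Security Standards Council. The names `TokenVault`, `merchant_checkout` and `simulate_breach` are hypothetical, the in-memory dictionary stands in for a separately secured token vault, and the card number is the widely published Visa test number.

```python
import secrets

def luhn_valid(pan: str) -> bool:
    """Luhn checksum used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

class TokenVault:
    """Hypothetical stand-in for the isolated service that alone holds real PANs."""
    def __init__(self):
        self._pan_by_token = {}

    def tokenize(self, pan: str) -> str:
        if not (pan.isascii() and pan.isdigit() and 13 <= len(pan) <= 19
                and luhn_valid(pan)):
            raise ValueError("not a valid card number")
        while True:
            # Random value, not derived from the PAN, so it cannot be reversed.
            # The last four digits are kept only for receipts and support.
            token = f"tok_{secrets.token_hex(8)}_{pan[-4:]}"
            if token not in self._pan_by_token:
                break
        self._pan_by_token[token] = pan
        return token

    def detokenize(self, token: str) -> str:
        return self._pan_by_token[token]

def merchant_checkout(vault, orders_db, order_id, pan):
    """The merchant's own database stores the token, never the PAN."""
    orders_db[order_id] = vault.tokenize(pan)

def simulate_breach(orders_db):
    """What a copy of the merchant's order table contains."""
    return list(orders_db.values())

def demo():
    vault, orders = TokenVault(), {}
    merchant_checkout(vault, orders, "order-1001", "4111111111111111")  # test PAN
    return vault, simulate_breach(orders)

if __name__ == "__main__":
    vault, stolen = demo()
    print("merchant table after breach:", stolen)
```

The protection holds only as long as the vault is isolated from the merchant systems that store tokens; a breach that reaches the vault itself exposes the real card numbers.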
There’s no way around it. Breaches will happen and if businesses don’t put the right steps into place to protect customer information, the impact can be devastating and lasting. Do the research and ask the questions that will get your business set up for a much less painful impact if and when a breach does occur.
Justin Shipe is VP of information security for CardConnect, a leading provider of payment processing and technology solutions, helping more than 67,000 organizations – from independent coffee shops to iconic global brands – accept billions of dollars in card transactions each year.
Drug chain names new finance chief
Fred's named Jason Jenne as executive VP and CFO. He will replace outgoing CFO Rick Hans, who is leaving to pursue other opportunities. Hans will stay onboard as an advisor until August 18, to ensure a smooth transition.
Jenne, a certified public accountant with more than 25 years’ experience in finance and operations, joined Fred’s in September 2016 as senior VP finance. Prior to that, he was president and CEO of golf shaft manufacturer True Temper Sports. During his 18-year tenure at True Temper Sports, he held such titles as CFO and COO.
During his time at Fred’s, Jenne has been an integral part of the company’s new healthcare strategy implementation and other efforts.
“Jason is an integral member of our leadership team and over the past year he and I have worked closely together as we navigated the proposed Rite Aid transaction, implemented a new healthcare strategy and pursued additional growth opportunities for Fred’s Pharmacy," Fred’s CEO Mike Bloom said. "As we execute our plan, Jason’s strategic insight and financial expertise will be invaluable in our ongoing efforts to improve performance and create shareholder value.”
Dunkin’ Brands exec joins rapidly expanding restaurant chain
An industry veteran has been tapped to lead operations at one of the nation's fastest-growing fast-casual restaurant companies.
Mod Super Fast Pizza Holdings has appointed Paul Twohig to the new role of COO, effective immediately. The appointment comes as the company continues its rapid expansion in the United States and abroad. With Twohig’s arrival, Chris Schultz, former senior VP of operations, will take on the new role of senior VP, international to lead Mod’s development abroad.
Twohig has served on Mod’s advisory board since 2008. Most recently, from 2009 to 2017, he served as president of Dunkin’ Donuts, where he led U.S. and Canadian operations, franchising and store development for more than 8,500 Dunkin’ Donuts locations.
Prior to Dunkin', Twohig was COO and executive VP of Panera Bread, and spent a total of 14 years at Starbucks in two separate stints.
Mod was founded in Seattle in 2008 by Scott and Ally Svenson, whose previous ventures include Seattle Coffee Company, which they sold to Starbucks in 1998. Mod, a recipient of Chain Store Age's Breakout Retailers Awards in 2017, currently has more than 235 locations in 23 states and the UK, with plans for continued rapid expansion.
"Not only will Paul (Twohig) bring world-class experience and expertise to the team as we continue our journey of building the leading fast casual pizza brand in the world, but he will also be a fantastic champion for our culture and mission of using the business as a platform to make a positive social impact,” said Svenson, co-founder and CEO of Mod. “Ally and I could not be happier to welcome Paul onto the MOD team.”