For the last year I’ve been trying to coax my clients into sending their files to us using more secure means. I’ve also asked them to re-think some of their methods regarding their data transfer protocols, especially when it comes to sending us their ticket data, mailing lists, and other client-sensitive information.

While some have appreciated the concern and gotten on board, a few others haven’t quite seen the need…yet.

Earlier this month I sat in on a panel discussion on business data breaches / cyber liability and the results were sobering. Here were a few of the takeaways:

  • Nearly 1/3 of data breach attacks took place in companies with fewer than 100 employees. Hackers aren’t necessarily going after the big fish; they are targeting small and mid-size companies. Many of the companies you outsource to fit that model. Go over their security protocols with them before you send another file.

  • Speaking of targeting, did you know that Target got hacked in 2013 through one of their HVAC service subcontractors? Correct: an outside vendor had their network credentials stolen, which led to the initial intrusion into Target’s network. Review who has access to your data and determine whether any of that access raises concerns about a breach.

  • Phishing email is the #1 method used to learn login credentials and account information. The emails themselves are so expertly masked that the receiver believes them to be legitimate and ends up giving up sensitive information without even knowing it. Just who has access to your data once it leaves your server and is deposited with your vendor?

  • A business mentor of mine once said that if something related to work is keeping you up at night, there is generally a good reason for it. Don’t let sensitive STH and other client data transmissions keep you up at night.