May 2008

	If your Internet provider filters incoming e-mail, please add ncxgroup.com to your list of approved senders to make sure you receive NCX Group Security Updates.
	DATA BREACHES AREN’T JUST BUSINESS ISSUES, THEY’RE PERSONAL It certainly is not an intentional act by businesses to let data breaches happen. Even the smallest breach can cost tens of thousands in credit monitoring fees, and with budgets tightening even more this year, any size breach would not be a welcome expense. With that said, many companies are not budgeting assessments to ensure their infrastructure is impenetrable and their policies and access controls are being met. When a breach compromises employee or customer data, it can devastate the life of these victims for years to come. The effects of a Social Security number being stolen, for instance, can have lasting consequences. There are those that use an unauthorized SSN to get a job, and then there are those who use it to assume the identity of another person to commit fraud, which can ruin a victim’s credit or put them into debt. But even if it is used for jobs only, it can affect the victim’s SSN benefits when needed later in life. A recent article called Two Lives, One Social Security Number recounts the struggle of one victim’s experience when discovering while opening her new 401(k) statement that there was another name on it. The consensus of most companies that fail to protect identifiable information is that they will be exempt from prosecution and will not have to account for their negligence unless the victims can prove they suffered loss or harm from the breach. But recently, the FTC has declared that common sense will prevail over technical legal arguments when it comes to governmental sanctions, as they did with the ValueClick settlement ruling. They concluded “that enterprises could be found negligent for promising to protect user data but subsequently failing to implement the security precautions required to meet those

ISSUE: May 2008


		Subscribe to Security Update

	2008 Reported Data Breaches Keep yourself updated on the latest security breach disclosures


	NCX Vision See What You’e Been Missing Learn more here >>



	Looking for Managed Security Services? Call us at 888-448-5451 or contact us below

	To have an NCX Group Representative Contact You Email us here

promises.” Companies should also heed the unproclaimed warning of Davidson Cos. that is now being sued for negligence when it allowed a hacker to penetrate its systems, resulting in a data security breach and the exposure of some 226,000 customer records. The class-action lawsuit alleges “the Davidson Companies failed to comply with the industry standards designed to protect such confidential personal and financial information from theft” and that the company did not provide “adequate safeguards in its storage and handling of its clients’ confidential personal and financial information.”

In essence, more companies are being sued and can be held liable for “things their IT departments didn’t do, alleging that the IT security department’s negligence led to a hack” as indicated in Davidson Cos. Sued for Negligence in Data Breach. This article calls for security pros to take heed. “If you don’t do your job, you may not only be fired — you may end up in court.” It’s coming to the realization that either companies develop an ongoing security program including assessments, or the FTC may mandate they obtain independent third-party assessments of their programs for 20 years, as they did with ValueClick.

Breaches are personal and companies should not have a cavalier attitude that their information is secure when no assessment or security audit has been conducted for years. How do you know your systems are secure? One has to wonder if all the breaches we hear in the news had management who felt their business and infrastructure was secure. We say kudos to those companies who care about the personal information of their employees and customers by conducting security reviews and confirming their remediation efforts afterwards.

Don’t gamble with the security of your customer data. Call NCX Group now for a free consultation on how our experts can help you secure your data at a price that will fit your budget. Call us today at 888-448-5451 for an appointment or request a representative to call you.

NCX Group, Inc. is a leading information risk management firm specializing in the assessment and mitigation of risk associated with today’s technologies and business processes.

NCX Group, Inc.
5000 Birch Street, West Tower, Suite 3000
Newport Beach, CA 92660
888-448-5451
www.ncxgroup.com