Sophos News

Target data breach: What retailers and consumers can do

U.S. retailer Target disclosed in December that it had been the victim of a major data breach over the holiday shopping period, affecting millions of customer financial accounts. Our security experts say there are several security precautions consumers and retailers should take to avoid being victimized by credit card fraud, data loss and cyber attacks.

Approximately 40 million Target customer credit and debit card details were exposed between Black Friday and December 15. Consumers whose data may have been stolen should carefully monitor their bank and credit card statements for any signs of fraud, and report suspicious charges immediately to their financial institutions.

What to do: Consumers

As Naked Security writer Lisa Vaas reported, consumers worried about fraud should check for suspicious activity by reviewing their free credit report at www.AnnualCreditReport.com or by calling (877) 322-8228. You should also report suspected fraud to law enforcement, or to the Federal Trade Commission (FTC) at www.consumer.gov/idtheft or by calling 877-IDTHEFT (877-438-4338).

Although Target said only customers who shopped at its retail stores were affected, and not those who purchased online, make sure you’re staying secure when you shop online. Read these tips from Naked Security for safe holiday shopping.

Data security for businesses

Loss of sensitive customer data like credit card numbers can be extremely costly for businesses. The average cost of a data breach in 2012 was $188 per record in the U.S., including the cost of fines, legal damages and loss of business. A recent study by the Ponemon Institute found that 51% of small and mid-sized businesses experienced data loss in the past year.

In Target’s case, Sophos Global Head of Security Research James Lyne says the company’s data security was clearly inadequate. “Forty million cards stolen really shows a substantial security failure,” James tells the Associated Press. “This shouldn’t have happened.”

Here are some steps you can take to enhance data security for your business, as recommended by security consultant Graham Cluley:

We’d add one more recommendation: be sure you have a comprehensive data loss prevention strategy.

Sophos SafeGuard Enterprise

We make it simple for you to manage your security policies and data protection across your organization. With SafeGuard Enterprise, you’ll be ready to comply with data privacy laws and keep the wrong people from seeing your organization’s or your customers’ confidential information.

SafeGuard Enterprise:

Sign up for a free 30-day trial today.