Help! The computer ate my files!

September 1, 2008

4. System hacks

It's tough to keep up with hackers, because they are constantly finding new ways to infiltrate databases. In January, Davidson Companies, a financial services firm based in Great Falls, Montana, announced that a hacker may have been able to access personal data on its current and former customers. A handful of the estimated 226,000 affected customers have since filed a lawsuit. Davidson Companies would not comment.

Hackers often target financial companies. They also have an eye for e-commerce sites. In January, the Federal Trade Commission announced a settlement with Life Is Good, a Boston-based apparel maker. The agency criticized the company's e-commerce security after a 2006 incident, in which a hacker used an "SQL injection attack" -- an attempt to gain control of the database by typing code into areas like search boxes -- to grab customers' credit card numbers and expiration dates.

The terms of the settlement require Life Is Good to beef up security and hire an independent security auditor to evaluate its systems for the next 20 years.

The company declined to comment on the settlement, but an FTC representative says the agency learns about the cases it investigates through a variety of sources, including suppliers and customers.
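The "typing code into search boxes" attack described above, shown as an added example that is not code from the article or from any company it names. It builds the same product search the weak way and the parameterized way; the in-memory table, its rows and the function names are constructed assumptions.

```python
import sqlite3

def make_db():
    """Build an in-memory catalogue (constructed sample data)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE products (name TEXT, listed INTEGER)")
    db.executemany(
        "INSERT INTO products VALUES (?, ?)",
        [("Blue T-shirt", 1), ("Red cap", 1), ("Unreleased hoodie", 0)],
    )
    return db

def search_vulnerable(db, term):
    # Weak: the visitor's text is pasted into the SQL string, so a quote
    # character in the search box ends the literal and the rest runs as SQL.
    sql = ("SELECT name FROM products WHERE listed = 1 "
           "AND name LIKE '%" + term + "%'")
    return [row[0] for row in db.execute(sql)]

def search_safe(db, term):
    # Hardened: the text travels as a bound parameter and is only ever
    # compared as data; the SQL statement itself never changes.
    sql = ("SELECT name FROM products WHERE listed = 1 "
           "AND name LIKE '%' || ? || '%'")
    return [row[0] for row in db.execute(sql, (term,))]

if __name__ == "__main__":
    db = make_db()
    crafted = "' OR 1=1 --"  # constructed input: closes the quote, adds a condition
    print(search_vulnerable(db, "cap"))    # normal search
    print(search_vulnerable(db, crafted))  # filter bypassed: unlisted row leaks
    print(search_safe(db, crafted))        # treated as plain text: no match
```

With the bound parameter, the crafted text is searched for literally, so the "listed" filter stays in force no matter what is typed.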

Often companies don't even realize they have been hacked until well after the fact. According to a recent security report by Verizon Business, 70 percent of firms didn't know they had been hacked until someone else -- a customer or a bank -- reported suspicious activity.

How to respond: If you think there has been a breach, take action right away. Davidson Companies immediately took its website offline, hired a security firm to investigate, and contacted the authorities, the credit bureaus, and its customers. You'll need to do the same, and also contact your attorney, if hackers may have gained access to credit card numbers or other sensitive information.

It has become the norm to offer customers a year of credit monitoring services, which can cost about $10 a month per customer. Brace for customer defections, lawsuits, and possible fines from the FTC.

Preventive measures: There is no foolproof way to stop all hacks. So make sure your website encrypts your customers' credit card numbers and passwords (as opposed to storing them in a readable text format, which is what Life Is Good did before the attack). That way, even if hackers get in, they won't be able to see the information.

And make sure that you apply the latest security patches to your software to protect against known vulnerabilities. One in five hacks exploits a security hole that's been public knowledge for six months or longer.

McAfee offers a service called McAfee Secure, which scans your website daily for known security vulnerabilities. The service starts at about $1,700 to $2,800 a year for sites with fewer than 30,000 daily page views.

Sophisticated techies may also be able to create what's known as a honeypot: phony files and decoy servers that are used to trap hackers. It's sort of like leaving a fake pile of gold out in the open -- if anyone tries to take it, you will know the system is under attack.

Image: A young computer engineer at work at Tata Consultancy Services | Photograph: Panta Astiazaran/AFP/Getty Images

© 2008 Rediff.com India Limited. All Rights Reserved.