The fact that a third-party vendor was commandeered for the hack is not something new. In fact, it is almost always easier to access a system via a third party as opposed to gaining direct access. Despite this, multiple news agencies and bloggers took this development as an opportunity to slam the HVAC guys. I can't tell you that the contractor's security system was faultless or that the hackers didn't use it to perpetrate their crime, but I can tell you that unless it is proven that the mechanical contractor or his employees were complicit in the hack, then they are just as much a victim as Target and its customers are.
I am not sure that the facts will help the mechanical contractor's reputation that is currently taking a beating, or the HVAC industry's reputation which is also taking another beating. My hope in writing this blog is to get the word out that communicating HVAC systems, system monitoring, and electronic payment systems connected to the HVAC contractor are still a good idea. The key to them, however, is proper security.
To help you the HVAC distributor protect your business and inform your customers, here are a few questions you should consider asking and answering with the assistance of an Internet security expert.
1. Are my sensitive systems and information secure?
2. Are my electronic security measures involving my staff secure?
3. Are the customers I am dealing with electronically operating in a secure matter?
4. What are the current security protocols and have I fulfilled them?
It seems that electronic data security is going to continue to be a challenge for everyone operating on those platforms. Don't get caught unaware like this contractor seems to have been. Remember, despite the slam to the mechanical contracting company, multiple sources have said that the way Target's security systems were set up it was vulnerable to a third party attack. Either way, the damage is done.
Find out more about this story here.
Photo Credit: Flickr/nateone