What would happen to your business if you saw a 46 percent decrease in profits? I am guessing that would keep you and your employees up at night.
Well, that is exactly what happened to Target after they had a massive data breach that was all over the news and made them the only folks who were getting worse press than Justin Bieber. If you combine the compromised credit and debit cards with the personal information that was stolen, a total of 110 million consumers were put at risk during this event.
Headlines followed linking an HVAC company to this breach of information. This should get every contractor’s attention. Federal agents visited Fazio Mechanical Services Inc. in Sharpsburg, Pa., and the contractor reportedly cooperated with their requests. Having been publicly identified by independent blogger Brian Krebs, Fazio Mechanical Services released an official statement clarifying the company’s role in this cyber security incident.
“Like Target, we are a victim of a sophisticated cyber attack operation,” said Ross Fazio, president and owner of Fazio Mechanical Services. “We are fully cooperating with the Secret Service and Target to identify the possible cause of the breach and to help create proactive initiatives that will further enhance the security of client/vendor connections making them less vulnerable to future breaches.”
Fazio also clarified that Fazio Mechanical does not perform remote monitoring or control of heating, cooling, and refrigeration systems for Target, although, according to Fazio's statement, multiple news media outlets are inaccurately reporting that it does.
“Our data connection with Target was exclusively for electronic billing, contract submission, and project management,” the statement reads. “Target is the only customer for whom we manage these processes on a remote basis. No other customers of ours have been affected by the breach.”
Target is a big company, and a lot of people love their prices and value, so I am sure they will survive. However, small businesses, like a lot of HVAC contractors, do not have as much positive equity built up with their customer bases simply because they have not had as many transactions. A loss of faith in your business could have crippling effects, and there is a good chance you might not be able to weather the storm.
The time to start making sure this type of issue does not affect your company was yesterday. Obviously, there is a lot of low-hanging fruit in this area. These are the same items that the BNP Media IT department has been telling us for years: "make sure you do not use the same weak passwords for multiple purposes," and "make sure you do not click on links within an email unless you know exactly who sent it and where you are going."
However, this obviously needs to go much deeper. If someone hacks into my computer, they can get a look at next week’s cover story. If they hack into your accounting department’s computers, they can do some real damage.
The first step is understanding what data you are gathering, who has access to it, and what should be secure. This means that these discussions have to be had at a corporate level rather than by just one person or a small group of people in a specific department. Hopefully, your company is running business-grade antivirus software because the stuff for consumers is not thorough enough.
And this is probably going to mean some outside assistance as well. While I realize that equals money, it pales in comparison to what it could cost you if this is not done correctly.
So add this to the list of reasons why you do not want to model your business after Target. In addition to not wanting to be known as the cheapest company in town, you also don’t want to be known as the business that does not protect customers’ information.
Publication date: 3/17/2014