Most online security is reactive, plugging holes as they are discovered. Whereas, hackers derive their livelihood from finding and exploiting security holes. They're always going to be one step ahead, because their livelihood depends on it.
As a consumer, all you can do is hope that the companies you do business with are doing everything they can to plug the security holes that the world knows about and to detect as quickly as possible the ones that they don't know about yet.
There is no "preventing" this. You simply can't completely eliminate fraud/abuse/crime. You can only do what's necessary to reduce that risk to an "acceptable" level. The key here is what's acceptable? More often it comes down to money. You obviously don't spend more on security than the loss will cost. But what if that cost is shared between multiple parties that do not have a direct link? In the case of credit cards - the loss is more often incurred at the banks, but the controls are implemented at the merchants - hence the slow adoption of more secure transaction methods.
We should be seeing some changes come next October when the liability shift with regard to the use of EMV cards goes into effect.
There are solutions, but they can be wildly expensive. The Russians went back to typewriters, stores that never computerized are unhackable, and simply slowing and capping any data transfers and crippling all input/output to a bare minimum can add security.
With businesses that have stock, the key to remember is that it is all about reducing immediate costs and increasing profits. The future is someone else's problem.
And many companies take the stance of, we'll worry about it if it happens. They fail to do proper auditing or evaluation, fail to encrypt critical data, fail to keep servers updated/secured. People don't learn from other people's mistakes. There are plenty more breaches to come.
The apology statements that always come after a breach claiming that our privacy and data security are of the utmost importance to them are nothing but a joke.
I disagree. As the link in the OP suggested, customers don't want to shop at stores that have had significant security issues. It is absolutely in their best interest to treat our data carefully, because they know that if they don't, there's a strong chance they'll lose that customer along with who knows how many future customers.
As a business owner myself, I'm hypersensitive to keeping my customers' payment and tax ID information secure. The very last thing I ever want to have to do - even less than closing the doors - is send my customers a notice informing them that their info was somehow stolen from us. It's a reputation crusher and would be a personal failure that would stay with me much longer than losing the business would.
Of course it's in their best interest to secure our data, but they don't, yet they claim it's important after they lose said data. Usually because someone did something stupid or didn't do something they should have.
You just proved my point. The failures are typically human, not a failure in their processes or policies.
A company with thousands or tens of thousands of employees can't guarantee that each and every one of those people will have the security of your personal data high on their priority list. It's not reasonable. What they can do is develop policies and procedures that reduce the risk of exposure as much as is practically possible. And honestly, what more can you ask them to do? You're a techie guy - what solution do you have that guarantees to eliminate the hacking of all computer networks?
Anyone with an ounce of sense does not put their company network on the internet directly. There are many ways to protect your company internal network from the big bad world outside. Even e-commerce sites which by nature need to connect to the internal network.
PS your firewalls alone are not enough, as witnessed by these several breaches over the past couple of years.
Face it. Most businesses are too cheap and too lazy to create secure networks.