June 1, 2017 | Posted by Michael Berman

Did you ever make a mistake you couldn't live down? Maybe your friends and family tease you about it good-naturedly when you get together. Or maybe it was a more serious infraction and you became a cautionary tale.

That’s exactly where Target is nearly four years after its data breach in 2013. You probably remember it as the one that affected 41 million customer payment card accounts and exposed contact information for more than 60 million customers. It happened when hackers got into Target’s system through a third-party HVAC vendor and installed malware at point-of-sale registers.

Not only is Target still held up as the standard example of third-party vendor management gone wrong in every single data security article you’ve read, but now it’s back in consumer headlines as the New York attorney general announced that 47 states and the District of Columbia reached an $18.5 million settlement with the retail giant over the breach. The settlement also requires Target to implement a data security program, which it’s already done.

Mandatory elements include:

  • developing, implementing, and maintaining a comprehensive information security program.
  • employing an executive or officer who is responsible for executing the plan.
  • hiring an independent, qualified third party to conduct a comprehensive security assessment.
  • maintaining and supporting software on its network.
  • maintaining appropriate encryption policies, particularly as they pertain to cardholder data and personal information.
  • segmenting its cardholder data from the rest of its computer network.
  • undertaking steps to control access to its network, including implementing password rotation policies and two-factor authentication for certain accounts.

Talk about a news story that just won’t go away. Target has apologized to customers. It’s testified before Congress. It’s improved its data security and paid a fine. Yet almost four years later, it’s still making headlines.

That’s why it’s critically important to protect your reputation and to assess and mitigate all risks to it, including those posed by third-party vendors. When customers and the media talk about your institution, you want it to be for positive reasons.

Don’t let a mistake cast a shadow over your brand. People are slow to forget.

Michael Berman

Michael Berman is the founder and CEO of Ncontracts, a leading provider of risk management solutions. His extensive background in legal and regulatory matters has afforded him unique insights into solving operational risk management challenges and drives Ncontracts’ mission to efficiently and effectively manage operational risk.