In June 2015, a federal investigation began into a data breach that may have compromised the personal information of some 4 million current and former federal employees. Premera Blue Cross reported that a breach discovered in January 2015 exposed up to 11 million records, including credit card numbers, Social Security numbers and email addresses. Home Depot said in 2014 that 56 million payment card numbers and 53 million customer email addresses had been stolen. Other recent victims of cybercrime include Anthem, Sony, JPMorgan, eBay and Target.
Incidents of hacking have dominated the news of late. Whether the suspects are individuals or foreign governments, the criminals are creating uncertainties and nervousness within the global community that is becoming increasingly dependent upon the Internet for storing information, commerce and communication.
That is why each new report of a data breach is so unsettling. In January 2014, Neiman Marcus disclosed a theft of debit and credit card information belonging to in-store customers. The investigation determined that about 350,000 customers were affected; their card data was collected by malicious software that had been installed on the store's payment systems.
Hopefully, as such incidents become more worrisome, improved methods of detecting and preventing attacks, and of identifying the perpetrators, will reduce their number.
At geoAMPS, we’ve already taken steps to protect the information of our organization and clients, all stored in Web-based database systems.
When evaluating Web-based software, look for providers whose facilities have been independently audited (historically under SAS 70, today under its SOC successors) and that apply multiple layers of security, including role-based access, password controls and physical controls on server locations.
The newer Service Organization Controls (SOC) 1, 2 and 3 reports go a step further. A SOC 2 or SOC 3 report examines the provider against the AICPA's trust services principles, asking such questions as:
• Is the Web system protected against both physical and logical unauthorized access?
• Is the system available for operation and use as committed or agreed?
• Is the system's processing complete, accurate, timely and authorized?
• Is information designated as confidential and, if so, is it protected?
• Is personal information collected, used, retained, disclosed and disposed of in accordance with the criteria set forth in the Generally Accepted Privacy Principles (GAPP) issued by the AICPA and the Canadian Institute of Chartered Accountants?
When deciding where to store data on the Web, or which vendor organizations to do business with, look for the above information and ask the questions that will lead you to the best decision for your organization:
• Has the provider been audited under SAS 70 or, more recently, SOC 1, 2 and 3, and will it share the auditor's report?
• Are penetration tests conducted regularly, and are the findings remediated?
• Is the system backed up to a different physical location, and are restores tested?
• Is data encrypted both in transit and at rest?
• Is access role-based, limiting each user to the data and functions their job requires?
Customers understandably want to know that they can trust their data center provider to meet rigorous control standards that require accountability and transparency. To address that concern, the American Institute of Certified Public Accountants issued Statement on Auditing Standards No. 70 (SAS 70), under which an independent auditor examines a service organization's controls and reports on their design and operating effectiveness. SAS 70 produces an audit report rather than a certification, and it was retired in 2011 in favor of SSAE 16 and the SOC reporting framework; a current SOC 1 or SOC 2 report is what gives customers assurance that their provider has effective controls in place over the design, implementation and operation of the systems that handle customer information.
Want to learn more about geoAMPS products and services? Call us at 614-389-4871 or visit our website, www.geoamps.com
Dan Liggett is Communication and Public Relations Consultant at geoAMPS.