Remediation costs, such as a credit monitoring service that Fidelity offered each customer so they can check that no fraud is taking place, can add up to several million more dollars. The loss of some percentage of its angry customers, perhaps as much as 20% of its clients, will add even more to the total cost of the data breach. It is also likely that Fidelity will ultimately be assessed fines or penalties by government agencies, resulting in a total monetary loss to Fidelity from this one data breach in excess of $10M. “Then you add on the cost of the personal credit watchdog services that companies often provide users who are victimized, plus the potential loss of business from the negative publicity, and the total loss to the company grows rapidly,” he said. The loss of some key business information can also be a violation of the new business regulations, such as the Sarbanes-Oxley Act and the Health Insurance Portability and Accountability Act (HIPAA).
Gold suggested that companies need to take a series of steps to mitigate the risk both on laptops and smaller mobile devices:
1. Educate users
2. Password protection is set to “on”
3. Mobile management system
4. Determine which files can and cannot be downloaded
5. Encryption
6. Enforce connection/VPN security standards
7. Require active firewall protection and virus protection
8. Enable device lockdown and “kill” functions
9. Log device
The good news is that at least partial solutions for common BlackBerry, Windows Mobile and Palm OS handhelds are available on the market today.
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9000996&source=rss_topic17