Company Breached By Hackers? You’re Being Deceptive, According to FTC And The Court

Enterprise wake-up call: if you’re not doing enough to protect your customer information, the feds might come after your company for unfair and deceptive practices.

That’s the conclusion of an appellate court this week, which decided that the US Federal Trade Commission (FTC) has the power to sue corporations that don’t take adequate measures to protect customer information from hackers.

The FTC had sued Wyndham Hotels and Resorts over a series of security breaches that led to the compromise of the personal information and credit card numbers of 619,000 customers, to the tune of $10.6 million in fraudulent charges.

It could be argued that Wyndham’s security lapses had been particularly egregious. For example, the FTC contended that it wasn’t even using firewalls, perhaps the first line of defense against cyberattacks.

Firewalls, however, were only the tip of the iceberg. “The idea that you can trust any internal network and consider it to be safe with or without firewalls is completely obsolete,” according to cybersecurity expert Satyam Tyagi, CTO of Certes Networks.

In addition to the lack of firewalls, Wyndham also stored credit card information in clear text rather than encrypting it, failed to address known vulnerabilities, and wasn’t even aware of what computers it had connected to its own network – as well as several other basic lapses that every company must address to have any hope of deflecting an attack.

In fact, the FTC saw this breach as evidence of unfair or deceptive business practices – thus making it worthy of official action. “It is not only appropriate, but critical, that the FTC has the ability to take action on behalf of consumers when companies fail to take reasonable steps to secure sensitive consumer information,” FTC Chair Edith Ramirez told Reuters. However, neither the FTC nor the court specified what “reasonable steps” might be.

Read the entire article at http://www.forbes.com/sites/jasonbloomberg/2015/08/25/company-breached-by-hackers-youre-being-deceptive-according-to-ftc-and-the-court/.

Intellyx advises companies on their digital transformation initiatives and helps vendors communicate their agility stories. As of the time of writing, Certes Networks is an Intellyx client. None of the other organizations mentioned in this article are Intellyx customers. Image credit: Jason Bloomberg.
