Even if your company isn’t in retail and has never processed a credit card transaction, there are some major lessons to be learned from the recent Target data breach.
The news for Target keeps getting worse: it was recently revealed that 70 million shoppers’ personal information had been stolen, on top of the earlier announcement that 40 million credit and debit cards had been taken.
While retailers are likely to start putting an increased focus on security (other companies have also allegedly been hacked), there are lessons to be learned for every IT pro in every industry.
Lesson 1: Don’t wait
Target’s chairman reported that the rough timeline of events following the hack was:
- Day 1: Securing the environment
- Day 2: Initiating the investigation and doing forensic work
- Day 3: Preparing customer service for incoming calls, and
- Day 4: Notifying customers.
If that four-step plan is accurate, it’s not a bad way to go. However, indications are Target may have known about the breach well before security blogger Brian Krebs broke the story.
Lesson 2: Secure wireless
Unlike many cyberattacks, this one seemed to exploit Target’s own point-of-sale system, not corporate computers. But anything connected to the Internet can be a point of access for hackers.
Make sure you secure all Wi-Fi-enabled devices. Now that nearly everything can connect wirelessly to the Internet, IT’s going to have its hands full controlling and protecting these devices in the future.
Remember: Even if it’s built and serviced in-house, if it can connect online, it can be breached online.
Lesson 3: Have a disaster plan in place
Disaster recovery is usually thought of as what happens after a storm or power outage. But recovering from a data disaster is just as important.
Make sure there’s a communication and action plan in place. After a breach is no time to be sorting out who is responsible for what.
Have the plan updated regularly and changed when key personnel move on from the company. This can make the difference between a somewhat smooth recovery and running around in circles.