One Stolen Laptop Costs New Hampshire Company $100,000!

By RMON Networks | December 11, 2017

What began as a report of property theft in 2014, ended with a $100,000 judgement for NH based company, Multi-State Billing Services. The judgement was obtained just last week in Suffolk Superior Court. According to SC Magazine, a password protected laptop containing the unencrypted student data was stolen from the vehicle of a Multi-State Billing Services employee. Because of this theft, 2,618 students are now at risk of identity theft.

Below is an excerpt from the Cape Cod Times, on the affects the incident has had on Multi-State Billings Services.

The size of the settlement is a heavy burden for the small, family-owned company to bear, according to Meroff, CEO of Multi-State Billings Services.

“Even before the incident in early 2014, MSB had many strong security measures in place already, and was unaware that this data existed on an unencrypted laptop,” he wrote. “Immediately after the incident occurred, the company took this as an opportunity to implement additional security measures, which were in place long before the Massachusetts Attorney General became involved.”

Pause for a minute and consider your business and your potential risks.

Do you or your employees take data out of the office? What kind of personally identifying (PI) data do you store about your employees or customers? How are YOU protecting that data onsite, and when it leaves the building? How are the 3rd party vendors you are utilizing protecting that sensitive data? Ultimately, your business is on the hook if anything happens.

Don’t be the next victim! Knowing your risks, lowers your risks!

Image: According to the Verizon Data Breach Report, one of nine risk patterns is Theft and Loss. Click image to view full report.

According to the 2017 Verizon Data Breach Report, 61% of data breach victims in this year’s report are businesses with under 1,000 employees, and if you haven’t suffered a cyber-security breach you’ve either been incredibly well prepared, or very, very lucky. Are you incredibly well prepared?

It’s safe to say that most companies are not well prepared. Back in September, after yet another local data breach, we wrote a blog about the importance of being proactive with your network security. The blog details the events of the breach, and all of the reactive security measures that were put in place post breach!

The 9 Risk Patterns

The Verizon Data Break Executive Summary Report identified the below 9 patterns that 88% of all breaches fell into. Understanding these 9 patterns can enable you to be proactive with the security measures you can put in place, and ultimately reduce your risks.

  1. Crimeware: All instances involving malware that did not fit into a more specific pattern.
  2. Cyber-Espionage: Attacks linked to state-affiliated actors, and / or with the motive of espionage.
  3. Denial of Service: Any attack intended to compromise the availability of network and systems.
  4. Insider and Privilege Misuse: Any unapproved or malicious use of organizational resources.
  5. Miscellaneous Errors: Unintentional actions that directly compromised the security of company data.
  6. Physical Theft and Loss: Any incident where physical assets went missing – deliberately or accidentally.
  7. Payment Card Skimmers: All incidents where a skimming device was placed on a payment card reader.
  8. Web Application Attacks: Any incident which a web application was used as the means of attack.
  9. Point of Sale Intrusions: Remote attacks against POS terminals and controllers.

KEY TAKEAWAY: a data breach is only a matter of time. You can no longer afford to be reactive with your data security. Accidentally or deliberately, companies now have to pay big fines for data breaches.

RMON Networks specializes in Network Security and IT Consulting for small to mid-sized businesses in the New England area (MA, NH, ME, VT, RI). Contact our experts today if you have questions or concerns about your company data.


Contact Us

Leave a Comment

Your email address will not be published.