« Disaster Recovery

Report: South Carolina could have done more to prevent data breach

Companies need to ensure that their disaster recovery plans account for cyber security threats, as the effects from data breaches can be very harmful.
Companies need to ensure that their disaster recovery plans account for cyber security threats, as the effects from data breaches can be very harmful.

With so many companies becoming reliant on computers and technology, it's crucial for organizations to ensure that their disaster recovery plan accounts for cyber security threats. Not only will data breaches dampen the reputation of a business, it could cost millions of dollars to repair frauds that are committed with stolen information.

One organization that could have benefitted from partnering with a business continuity consultant was the South Carolina Department of Revenue. At the end of October, the organization reported that it suffered a massive data breach, exposing millions of individuals' personal information and data from 650,000 businesses.

Chris Swecker, a former FBI agent, told Greenville.com – a South Carolina online news source – that even if only 1 percent of the 650,000 businesses experienced fraud from having their information exposed, it could result in losses totaling $338 million. His calculations were based on his experience in the agency with data fraud.

Governor Nikki Haley said that the state could have done more to protect the information for the millions of individuals whose information may have been compromised. According to Haley, the report from computer security firm Mandiant found hackers may have 3.3 million bank account numbers from South Carolina taxpayers.

"We didn't do enough. We should go above and beyond to make sure we do," Haley told the Associated Press.

The report specified that South Carolina made two mistakes. The first one being that it was not a requirement to have two different ways to verify when someone was trying to get into the system to look at tax returns and the second is that it did not encrypt Social Security numbers.

In order to keep an organization's data as secure as possible, companies need to ensure that their disaster recovery plan is as thorough and up-to-date as possible. That way, cyber security threats can be kept at bay.