
Financial Outsourcing Solutions


03 Sep 2015

Information Security’s Newest Financial Risk – The Federal Trade Commission


$400 million: that is the estimated financial loss from 700 million compromised records, based on the 2015 Verizon Data Breach Investigations Report. While the number is staggering, it is only going to grow as the number of data breaches continues to rise. A recent ruling by the Third U.S. Circuit Court of Appeals has affirmed the Federal Trade Commission’s (FTC) authority to take action against organizations that engage in unfair or deceptive business practices.

The court’s ruling was the result of an FTC suit against Wyndham Hotels over its weak information security practices. Those practices, or lack of practices, resulted in three hacks over a two-year period, 600,000 compromised records, and more than $10 million in fraudulent charges.

For organizations that have been breached, the troubles are only beginning. Along with mounting legal costs, reputational damage, and the financial burden, organizations can now face additional legal action and fines from the FTC.

With the growing cloud presence and the evolution of the internet of things, information security and cyber security practices are critical for all organizations, especially those holding sensitive information. These essential practices need to be adopted organization-wide and pushed down from the top, starting with the Board of Directors and senior management. While buy-in from top-level management is critical, education and awareness of the risks and threats, both inside and outside the organization, need to be presented on a regular and ongoing basis. Without proper education and insight, decision makers at the executive level do not have the knowledge required to make informed decisions.

While senior-level buy-in and support are critical, the organization also needs to ensure adequate controls are in place to protect its critical and sensitive information. Organizations should consider and maintain:

  • Information security policies and practices
  • Ongoing training for all employees
  • Regular social engineering assessments, vulnerability assessments and penetration tests
  • Periodic information security / cyber security audits
  • Ongoing monitoring
  • Participation in information sharing groups

The risks associated with information security and cyber security will only increase and evolve as attackers and attack vectors become more sophisticated. The mindset has shifted from “if” to “when” an organization will be hacked. As a result, organizations need to be continually looking to enhance and evolve their security practices to protect customer information. The Third U.S. Circuit Court of Appeals ruling only reaffirms an organization’s responsibility, and the importance of taking information security and cyber security seriously.

For additional information, contact the author, Jeffrey J. Johns, at jjohns@fosaudit.com.
