The government is cracking down on companies with poor cyber-security. So, if you have one of those businesses that’s still hanging on to Windows XP, you need to listen up. If your data is breached, you could face a stiff fine for not having up-to-date security measures. You’ll still be in trouble even if none of your customers’ information is stolen.
Both the Federal Trade Commission and the Securities and Exchange Commission are showing decreasing tolerance for poor security measures. A St. Louis-based investment firm agreed to settle charges that the company failed to establish required security procedures. Among the charges was that the company had no written policies and procedures to ensure confidentiality.
An unknown attacker, eventually traced to China, managed to get access to their server. While no customers suffered financial loss and the firm notified customers of the breach and provided identity theft protection for those affected, it wasn’t enough for the SEC.
The company was censured and ordered to pay a $75,000 penalty.