Editor's Note: The Dreaded Quadruple Whammy

April 7, 2015
Anthem gave so many of us a chance to feel the actual sting of a data breach — and it kind of sucked

Last week, I finally got my letter from Anthem — much like thousands upon thousands of others, from your colleagues and associates to your employees and friends. For those lucky ones who didn’t get the letter, I can sum it up like this:

Hello, valued (current or former) customer! Just wanted to let you know that we had a teeny, tiny oversight in our security and your confidential personal data was stolen. We aren’t really sure who stole it, but we are 100-percent sure that they just might have accessed your name, date of birth and social security number; maybe some medical information; quite possibly your contact info; and perhaps your employment information and income data — we just aren’t that sure.

But never fear, faithful (current or former) customer! We have closed the hole in our security and have hired a world-renowned cybersecurity firm to investigate and strengthen our systems! And we will be giving you FREE — that’s right, FREE — identity protection services for TWO WHOLE YEARS! After those two years are up…well, you’re on your own, pal.

Don’t those words just warm your heart? It’s nice to know that such a big company is willing to go the extra mile to take care of me.

After I finished reading the letter, I was feeling sort of half-decent about my chances to avoid this particular pothole that life placed in my path…then I flipped to the next letter. It was from Anthem, and it had my wife’s name on it. The next one had my 7-year-old’s name on it; and the last one had my 2-year-old’s name in all caps at the top. Immediately, I felt the dread of the quadruple data breach whammy.

There’s nothing quite like the thought of credit cards and bank accounts being opened in your toddler’s name. And I realized: This is my first real chance — as it may have been for a lot of you reading this — to play the security victim. Sure, I have written about security breaches in one form or another for the last 14 years, but I cannot say I’ve felt the sting of the flip side of that coin much at all.

So take it from me — the newest person to feel the sting of his whole family’s data floating out there — it really sucks! I might be blowing this out of proportion for the sake of journalistic intrigue, but there’s a lesson to be learned here, and it’s that statement above all others.

Failing your customer is perhaps the greatest crime a service-oriented company can commit. I had faith in my health insurance company to keep my personal, confidential data a secret, and I don’t care how many years of free identity protection service I get — two? Really? ONLY two? — Anthem cannot un-ring that bell.

Fortunately for one of the biggest healthcare insurance providers in the country, I don’t have a whole heck of a lot of choice when it comes to changing plans. But you had better believe that security customers do.

In editing this special Fast50 issue, I have read a lot about best practices from a business management perspective. I think one of the most important ones is having controls in place. Think about it: Is your business under control? Are the backgrounds of your employees being checked? Are default passwords being changed? Are you selling solutions, or are you selling products? The list goes on.

In the end, it is on you — on each valued member of a security services company — to make absolutely certain that every conceivable step is being taken to make sure you don’t ever fail your customers. I am 100-percent sure there’s no form letter on this planet that can regain your customers’ confidence once it’s been lost.

Paul Rothman is Editor-in-Chief of Security Dealer & Integrator magazine (www.secdealer.com).