Not just a compliance issue, but a matter of trust and customer retention
Are you ready? According to a recent article in Security Sales and Integration magazine, alarm dealers of all sizes are crossing the threshold and beginning to pay significant attention to Cyber Security issues and how they affect their companies. Whether it is the Gramm Leach Bliley Act or the Federal Trade Commission, C-Suite executives are embracing the challenge because it is the law, and the alternative is not good for them and their customers.
Here is one very good reason why: a $700M reason. The Equifax Breach settlement was recently announced, and it gets your attention. Equifax took their sweet time to patch a hole in their computer systems. They chose not to notify their regulatory authorities or tell anyone, thus resulting in the compromise of personal information for more than 140 million people. Two hundred and seventy-five million dollars, of the settlement, will be distributed to all the states plus Puerto Rico and the District of Columbia. In addition, Equifax will pay out $425M to compensate customers and provide credit monitoring. In the words of FTC chairman, Joe Simons, “Companies that profit from personal information have an extra responsibility to protect and secure that data. Equifax failed to take basic steps that may have prevented the breach.” They made almost every mistake in the book. They ignored the breach for almost 90 days, when they actually knew there was a serious problem, before notifying the government. They then waited another 30 days to notify their customers.
Alarm dealers, Integrators, Fire companies and Central Monitoring stations likely fall under these same regulations, plus a multitude of Privacy laws that have been passed by many states. Equifax has insurance and some very good lawyers, but the settlement still puts a big hole in their cash flow. Our alarm customers are monitored and serviced every day by us, but they would leave en masse, if we treated a breach of their personal information similarly.
According to “HashedOut-2019”, Cyber security is like a muscle: the more you work it and keep it engaged, the stronger and more honed it will become. If you become complacent, the cyber equivalent of a “couch potato” you’ll see your employees’ sense of cyber awareness get “out of shape”, and become ineffectual, leaving your organization defenseless against external cyber threats. I’d say nobody wants that, but then I’d be lying–cybercriminals are hoping for exactly that.
Alarm dealers and central stations are busy folks doing what we do so well. However, we are still smart enough to use passwords and change them when an employee leaves the company. We are smart enough and aware that it is a dangerous cyber world out there. But, how much of our time is actually focused on our cyber risk? Clearly, not enough. Physical security is our business. We are not trained in Cyber security or Risk management. In the same way that we off-loaded the responsibilities of alarm monitoring to third-party central stations, we should consider doing the same with Cyber security and its myriad of new issues. We trust our alarm central stations to deploy the technology and resources to the monitoring function in a professional fashion. Isn’t it time we do that with our Cyber security responsibilities? Info Safe is one of the leading companies that has addressed the Cyber security challenge and is providing the software, resources and trained personnel to professionally manage the issue for their clients. Info Safe, however, is the only entity that realized one important factor in dealing with Cyber security in all its forms. That is the need to certify that their clients have completed all of the requirements necessary to comply with Federal and State regulations and will not fall into the “I’ve been Equifaxed trap”. This certification will assure customers, suppliers, lenders, and their insurance agent that they have done the “right thing” to comply with the law.
Tony Smith is the founder and President of Security Funding Associates, a 20-year Brokerage and Advisory Services firm, located in Los Angeles, California. He is a licensed alarm dealer, former President of the CAA, and former Board member of ESA. Tony may be contacted at firstname.lastname@example.org or (626)795-9199.