CNNH secured the account by resetting its credentials and is updating company-wide email standards by enabling two-factor authentication and updating employee training initiatives. These simple data security measures should be standard at every company, and they have to be implemented before a breach occurs. With the cost and consequences of a breach continually increasing, companies can’t afford to wait until it’s too late to take steps to protect their data.

After the breach, Health Quest announced that it would implement two-factor authentication to secure employee accounts and is instituting employee awareness training to guard against future phishing attacks. Unfortunately, these efforts won’t recover any compromised data, and it won’t mitigate the damage from this breach. To protect data, these highly effective defense tactics need to be deployed before a breach occurs.

Payment skimming malware is a significant, ongoing threat for online retailers. It undermines customer confidence in the buying process and invites costly repercussions from a data breach.

While some companies might be reticent to invest in employee awareness training, this incident demonstrates that the cost of a successful phishing scam far exceeds the expense of preventative measures. The district is working to recoup lost funds but is not likely to emerge unscathed. This news offers a cautionary tale for organizations of all shapes and sizes; preventative measures are only effective if they are implemented before a breach occurs.

Customers and companies are increasingly unwilling to partner with organizations that can’t secure their data. Consequently, avoidable data breaches are an especially egregious way to compromise a company’s long-term viability. Inevitably, mistakes will be made, but identifying those errors and making corrections before hackers can capitalize on the information is critical to any defensive posture.