What's the dollar value of your business's data? Even if you don't have a figure, cybercriminals have already run the numbers. They're selling records stolen from organizations of all kinds for a serious profit on the dark web.
A recent study from the Intel Security Group and McAfee labs tabulated the average price of a single stolen digital document on the internet's black market, revealing surprising details on why these crimes remain so lucrative.
- A single stolen credit card in the U.S. can be sold for as much as $30, although cards from the European Union can fetch as much as $45.
Login credentials for a standard bank account with a $2,200 balance can be worth around $190 to hackers.
- Surprisingly, usernames and passwords for hotel loyalty programs could sell for as little as $20 or as high as $1,400.
Although the above examples include personal information, business breaches are a primary way cybercriminals access such documents. The impetus for stronger business controls on cyber threats is even greater in highly regulated industries like the financial services sector, insurance and healthcare. In all of these organizations, a secure data destruction plan constitutes a legal requirement as well as a valuable tool for earning the trust of customers and clients.
On the black market of the internet, stolen information can fetch a high price.
Document retention and destruction
Financial services firms such as banks and insurance companies are beholden to a number of regulations regarding how long they must retain certain sensitive records, as well as when and how they should destroy them. According to an article from Lexology, some of the most pertinent federal laws related to data destruction include:
- The Equal Credit Opportunity Act, which mandates that loan application documents should be retained for up to 25 months following the date of the relevant action detailed in the document.
- The Truth in Lending Act, the Truth in Savings Act and the Electronic Funds Transfer Act stipulate that financial institutions must retain evidence of compliance for each of these laws for two years.
- The Bank Secrecy Act requires institutions to keep some records for as long as five years.
As explained by Lexology, adhering to these often complex document retention schedules is barely half of the battle - financial institutions must also have established procedures for destroying these documents, particularly digital storage devices with specific destruction needs.
Sipi Asset Recovery is helping financial institutions, insurance firms and all other businesses keep their devices and data safe by implementing specialized IT asset disposition plans. This ensures businesses and the clients connected to them don't become another statistic related to cybercrime and identity theft.