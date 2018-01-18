SARASOTA – The amount of damage to the U.S. from data breaches is growing exponentially.

“And it’s happening now; over the next 45-60 days is really the target time for the attacks,” Sylint Founder & President Serge Jorgensen said.

Doug Cherry is an attorney board certified in intellectual property law. He knows who these attackers are.

“It’s a bunch of folks in hoodies and pajamas that have maybe never even met each other, with the sole intent purpose of ripping you off,” Cherry, a partner at Shumaker, Loop & Kendrick, LLP, said.

They do it with identity theft, opening up new bank accounts, and stealing your tax information.

“Where the fraudsters are targeting businesses to try to get W-2 information, tax information,” Jorgensen said.

And their disguise could trick most anyone.

“The CEO may ‘send’ an e-mail saying, ‘Please send me all the W-2 information, or send me the employees tax data,'” Jorgensen said.

And people are still falling for it.

“Generally because they’re trying to be helpful,” Jorgensen said. “If the CEO sends you a note that says, ‘Please send this to me,’ you try to accommodate that.”

“You have notice obligations to all those that are affected by the data breach,” Cherry said.

“Now the company has to alert the employees, they have to pay for identity monitoring protection, and they get the brand impact,” Jorgensen said.

It’s easy to fall for, but also easy to avoid.

“The thing about a data breach is not if it’s gonna occur, it’s when it’s gonna occur, so you need to be ready with a plan of attack,” Cherry said.

Like getting a good mail filter, which helps detect phishing emails

“Barracuda, Proofpoint, IronPort, a lot of different companies provide the filtering service,” Jorgensen said.

“You should have a written cyber-security policy,” Cherry said.

And practice it. Cherry compares it to a fire drill.

“Another step to take, cyber insurance,” Cherry said. “Make sure you have that in place.”

Bottom line: If you don’t want your personal information stolen, don’t send it in an e-mail.

“That’s a pretty good idea,” Jorgensen said. “If you don’t want it stolen, don’t send it over the internet. I’ll totally go with that.”