Breach! The low-tech lesson the Zappos’ mess has for Finance
All that free shipping may not seem like a bargain anymore! Here’s what any company can take away from the Zappos’ breach.
Shoe lovers everywhere were sent into a panic last week when online retailer Zappos disclosed a major security breach that impacted the information of as many as 24 million customers.
And while your company may not have nearly as large a customer database, there’s plenty for Finance to take away from this latest current event.
All the geeks have been Monday morning quarterbacking the breach and there’s a consensus on what Zappos did right and what it could have done better.
Checking out the Zappos post-mortem could help protect your company, considering that Finance is the home of some of the most sensitive information in any organization.
Easier than you’d think to happen
You might think about a data breach only happening when some nefarious hacker gets into your company systems.
But there are plenty of more common and even accidental ways it could happen: a finance staffer steps away from her desk while processing paychecks and forgets to log out of the system. Or a file containing customer data gets accidentally misplaced. All data breaches.
Assume IT has all the necessary precautions in place as well as a response plan if there is a problem.
So how ready is your department to react? Take a look at the Zappos specifics to get an idea:
What they did well: Zappos alerted customers quickly. The company didn’t wait days to start notifying customers. The clock is ticking. While you don’t want to be alarmist, as soon as your company has a strong suspicion data has been compromised, it’s time to tell employees, customers, etc.
Where they could have gone further: Zappos did speak up, but some critics felt it didn’t do so in enough different methods. The retailer chose to email customers, but could have done other things, too, like post a warning on its Website.
Where else they could have gone further: In its breach announcement, Zappos didn’t offer customers enough specifics. Of course you don’t have to say “Jamie in Payroll went to the ladies’ room without logging off and someone saw everybody’s Social Security Numbers.” But you do need to offer some detail on how it happened, what you think was compromised and how far-reaching it was.
You’d like to hope you never need to draw on any of these lessons. But it’s reassuring to know your best moves if it does.
Free Training & Resources
White Papers
Provided by Personify Health
White Papers
Provided by UJET
Webinars
Provided by SkyStem
Further Reading
Some payroll staffers may assume that complying with IRS regulations is enough to keep their companies out of trouble. That’s not ...
When IRS reduced the electronic filing threshold, the change impacted a long list of information returns. Now, the list of forms to e-file ...
To keep your ACH payments flowing smoothly, Nacha advises businesses to update financial institution routing number validation tables at le...
Time to update your systems: SSA has announced the 2026 Social Security taxable wage base. Next year’s number will increase to $184,50...
In 2022 about a dozen states put law changes – some at the constitutional level – directly into the hands of the voters on Elec...
As finance and HR leaders develop 2026 salary budgets, errors in payroll execution can quickly undermine the impact of planned pay raises. ...
