In reality, the latest sum TJX has to pay is small potatoes compared to the capital outlay the retailer has made since 2007 to mitigate the security breach that exposed 45 million credit and debit card numbers. When the leak was discovered, TJX set aside $107MM to deal with the fallout and the expenditures to date are in that range. In two of the largest settlements, they’ve paid $24MM to MasterCard and $41MM to Visa banks. In addition, TJX has been ordered to undergo costly external audits every other year for 20 years by the FTC.

Is it 100% possible for companies to avoid costly and negative public facing situations such as this?

Maybe not, but there is quite a lot you can learn from past system compromises to help prevent making the same mistakes. In fact, PCWorld Canada has compiled a “top ten” list of vulnerabilities companies maintaining a serious presence online should know about.

1. Operating System Flaws
2. SQL Injections
3. Drive-by Downloads
4. Compromised Password(s)
5. Social Engineering
6. Malicious Email
7. Physical Access
8. Compromised Network
9. Wireless Hacking
10. Weak Access Points

These vulnerabilities require more than software patches and basic anti-virus software to keep your network and data safe from hackers, and most companies don’t have all the resources available necessary to provide complete protection.

“Instead of relying on costly, in-house expertise, many firms are looking outward to goal-focused security consultants to help identify openings hackers could easily exploit,” said Chris Drake, FireHost CEO. “We recommend that every client undergo a security audit just to ensure everything within your power is being done to help prevent confidential internal and consumer data from leaking into the wrong hands.”