MAXXED-Out

There are important small to mid-size business lessons in the big biz security breach at TJ MAXX. Chief among them: no matter how costly a security breach looks at first, it's going to get worse.The identity theft debacle cost MAXX around $5 million in the last quarter of 2006, and $12 million in the first quarter of this year, leading parent company TJX execs to project a 2-3 cent a share charge for the data theft fiasco.

Ooops.

Figures just in are running ten times that high, with second quarter costs climbing to $118 million.

Total cost could be in the billions.

Admittedly, this is a big company's big problem -- arguably the largest consumer data breach ever -- and carries big bills. But that's just a matter of degree.

Take a look at the various costs of the data breach: investigating and eliminating the vulnerabilities that allowed the breach in the first place, notifying customers whose information was compromised, legal costs to determine exposure and legal costs to deal with the exposures and likely lawsuits. And on and on.

When you're considering your own security issues, give some extra thought to those aspects of your business that, if compromised, could most dramatically expose you to this sort of nightmare. Customer and employee personal and information should be at the head of the list, with vendor and partner proprietary data not far behind. Put rules and systems in place to protect that information at all costs -- because "at all costs" will cost less than not doing so.

Odds are you don't have hundreds of millions of consumer credit card records in your system. But the odds are equally good that it would take a lot less than a hundred million dollar security nightmare to bring your company down.