By Steve Bychowski of Foley Hoag
With every swipe of a credit card this holiday season, consumers put their faith in the companies that process and store their information. Yet it is no secret that data breaches are on the rise, hitting companies large and small. Massive data breaches recently struck Target and Home Depot, to name just a few, and these two breaches alone affected hundreds of millions of consumers and cost the companies hundreds of millions of dollars. Sony Pictures is still reeling from a data breach this month that exposed the private information of thousands of Sony employees. With the New Year almost upon us, now is a good time for companies to take stock of their data security practices to ensure that they start 2015 on the right foot. Not only is data breach prevention good business, it is also required by many state, federal, and international laws. Here are five tips for companies to safeguard their sensitive data.
- Conduct a comprehensive risk assessment. You can’t protect the unknown. The first step to effective data breach prevention is understanding what types of data the company stores, where it is, what is being done to protect it, and what the risks are if the data is stolen.
- Keep only what you need. Hackers can’t steal what you don’t have. Take stock of what information the company has and weigh the benefit of keeping the data against the risk of theft. The company should have a good reason for keeping sensitive
- Create a written data security policy. Document the company’s data security procedures and requirements. This will help confirm that everyone is on the same page and employees are aware of their roles and responsibilities. Such policies help protect the company in the event of a breach and are required by most state and federal data security laws.
- Plan for the inevitable with a detailed breach response plan. When a data breach occurs, time is of the essence. The company must quickly act to contain the breach, investigate its cause, and mitigate the damage. At the same time, state and federal laws require prompt notification to those affected. A comprehensive breach response plan will allow the company to act accordingly. A key component of breach response preparedness is having agreements already in place with both legal counsel and a vendor to handle breach diagnostics, correction, and notification.
- Hold vendors to the same standards. Data storage vendors, such as cloud service providers, offer a cost-effective alternative to handling everything in-house. The company must trust that the vendor will properly secure the data. Vendor contracts should clearly set forth the vendor’s security procedures and each party’s obligations. Data breach insurance is one way companies can manage the risk involved with vendors.
While implementing these steps takes time and resources in the short term, they can help safeguard the health of your company for years to come.