Large data breaches are increasingly in the news and, in addition to being costly to remedy, may lead to company liability in the courts. The latest significant data breach was announced on September 7, 2017: Equifax, one of the United States’ three main credit reporting agencies, reported that it had been hacked. During summer 2017, the hackers accessed names, Social Security numbers, personal ID numbers, birth dates, addresses, and, in some cases, driver’s license numbers and credit card numbers. The breach affects over 140 million U.S. consumers.
No matter how sophisticated your business may be, taking steps to minimize data breach risks is critical to ensure your business avoids and survives an attack. Absent or lax adherence to company policies concerning password security and the treatment of suspicious emails are among the top two causes of data breaches. Among the safety measures your company should implement and ensure compliance with are the following:
- Monitor insider behavior/establish employee exit strategies: Data loss prevention technologies that let you set rules and, based on those rules, (a) block content that you do not want to leave the network and (b) replay insider online behavior are of high value in breach prevention.
- Create clear procedures for use of personal electronic devices, remote network access, and on- and off-site data storage: Your standards for data security must be applied to all of your personnel, regardless of location.
- Routinely evaluate and update software and network security/deploy intrusion detection and download monitoring: Intrusion detection and prevention should be used for all systems that are accessible via the internet, such as web servers, email systems, and servers that house customer or employee data.
- Minimize and purge data: Reduce the number of employees that have access to at-risk information; do not collect or store information that is not relevant to your business.
- Actively manage outside vendors: Define your security requirements upfront with vendors. Remember that third-party service providers may be required to maintain appropriate security measures in compliance with various government regulations.
These are only a few of the measures you should be assessing and employing for your business. For more information on cybersecurity programs, breach response, tabletop exercises, breach preparedness or planning, consult with your Ally Law member firm. Ally Law member firm attorneys can analyze your company’s needs – and data security vulnerabilities – to help you devise a data security program specific to your business. For more information about our services in this area, contact us at email@example.com.