Five Tips to Help Companies Protect Themselves from Data Breaches

(image from www.bluecoat.com) | CC BY-SA 2.0
By Steve Bychowski of Foley Hoag
With every swipe of a credit card this holiday season, consumers put their faith in the companies that process and store their information. Yet it is no secret that data breaches are on the rise, hitting companies large and small. Massive data breaches recently struck Target and Home Depot, to name just a few, and these two breaches alone affected hundreds of millions of consumers and cost the companies hundreds of millions of dollars. Sony Pictures is still reeling from a data breach this month that exposed the private information of thousands of Sony employees. With the New Year almost upon us, now is a good time for companies to take stock of their data security practices to ensure that they start 2015 on the right foot. Not only is data breach prevention good business, it is also required by many state, federal, and international laws.
 
Here are five tips for companies to safeguard their sensitive data. 
 
  1. Conduct a comprehensive risk assessment. You can’t protect the unknown.
    The first step to effective data breach prevention is understanding what types of data the company stores, where it is, what is being done to protect it, and what the risks are if the data is stolen.
  2. Keep only what you need.
    Hackers can’t steal what you don’t have. Take stock of what information the company has and weigh the benefit of keeping the data against the risk of theft. The company should have a good reason for keeping sensitive information.
  3. Create a written data security policy.
    Document the company’s data security procedures and requirements. This will help confirm that everyone is on the same page and employees are aware of their roles and responsibilities. Such policies help protect the company in the event of a breach and are required by most state and federal data security laws.
  4. Plan for the inevitable with a detailed breach response plan.
    When a data breach occurs, time is of the essence. The company must act quickly to contain the breach, investigate its cause, and mitigate the damage. At the same time, state and federal laws require prompt notification to those affected. A comprehensive breach response plan will allow the company to act accordingly. A key component of breach response preparedness is having agreements already in place with both legal counsel and a vendor to handle breach diagnostics, correction, and notification.
  5. Hold vendors to the same standards.
    Data storage vendors, such as cloud service providers, offer a cost-effective alternative to handling everything in-house. The company must trust that the vendor will properly secure the data. Vendor contracts should clearly set forth the vendor’s security procedures and each party’s obligations. Data breach insurance is one way companies can manage the risk involved with vendors.

 

While implementing these steps takes time and resources in the short term, they can help safeguard the health of your company for years to come.

Original post can be found here.