With every swipe of a credit card this holiday season, consumers put their faith in the companies that process and store their information. Yet, it is no secret that data breaches are on the rise, hitting companies large and small. Massive data breaches recently struck Target and Home Depot, to just name a few, and these two breaches alone affected hundreds of millions of consumers and cost the companies hundreds of millions of dollars. Sony Pictures is still reeling from a data breach this month that exposed the private information of thousands of Sony employees. With the New Year almost upon us, now is a good time for companies to take stock of their data security practices to ensure that they start 2015 on the right foot. Not only is data breach prevention good business, it is also required by many state, federal, and international laws.
Here are five tips for companies to safeguard their sensitive data:
- Conduct a comprehensive risk assessment. You can’t protect the unknown. The first step to effective data breach prevention is understanding what types of data the company stores, where it is, what is being done to protect it, and what are the risks if the data is stolen.
- Keep only what you need. Hackers can’t steal what you don’t have. Take stock of what information the company has and weigh the benefit of keeping the data against the risk of theft. The company should have a good reason for keeping sensitive information.
- Create a written data security policy. Document the company’s data security procedures and requirements. This will help confirm that everyone is on the same page and employees are aware of their roles and responsibilities. Such policies help protect the company in the event of a breach and are required by most state and federal data security laws.
- Plan for the inevitable with a detailed breach response plan. When a data breach occurs, time is of the essence. The company must quickly act to contain the breach, investigate its cause, and mitigate the damage. At the same time, state and federal laws require prompt notification to those affected. A comprehensive breach response plan will allow the company to act accordingly. A key component of breach response preparedness is having agreements already in place with both legal counsel and a vendor to handle breach diagnostics, correction, and notification.
- Hold vendors to the same standards. Data storage vendors, such as cloud service providers, offer a cost effective alternative to handling everything in-house. The company must trust that the vendor will properly secure the data. Vendor contracts should clearly set forth the vendor’s security procedures and each party’s obligations. Data breach insurance is one way companies can manage the risk involved with vendors.
While implementing these steps takes time and resources in the short term, they can help safeguard the health of your company for years to come.