Why is data security important?
Data security is extremely important in today’s world, where all kinds of information, much of it personal, is transmitted and available to people who don’t have our best interests at heart.
According to leading developers of technology protection tools, there has been a significant upswing in the concentration of hackers targeting PERSONAL INFORMATION, ostensibly for use in identity theft.
Why is data security important? Because YOUR information is important. Your CUSTOMERS’ information is important. Your EMPLOYEES’ information is important. Your CHILDREN’s information is important. And your BUSINESS information is important.
Not protecting this information sufficiently can have very real and tragic consequences.
What are the costs of NOT complying?
If you ask TJX, the costs of non-compliance were catastrophic. After millions of dollars of fines and irreparable damage to their reputation (which costs them business, make no mistake), TJX is still trying to dig themselves out of the breach of security several years later, still at significant cost.
Most companies won’t ever reach that scale of exposure, but the numbers are still very real. Estimates vary, but the cost can range from 150 to 200 dollars PER PERSON whose information is exposed or stolen, and you are responsible for it, whether through negligence or otherwise.
How is that figure determined? Beyond fines for not complying with local or federal regulations (PCI, Red Flag, HIPAA, and breach regulations in over 40 states, including MA 201 CMR 17.00), the largest required costs are attorney’s fees and customer notification, as well as incorporating new systems to safeguard against a breach occurring again. Throw in increased support costs as you manage your existing customers, not to mention any additional marketing you may have to do to repair your good name.
How do I determine if I’m protected?
There are several ways that you can be exposed, above and beyond technology compliance. Education and training are vital to your organization’s security policy. Physical controls, such as whether information exists in written form that isn’t properly secured, are also necessary.
That being said, once you educate and lock down your file cabinets, your company’s data is in all likelihood in electronic form – and as such is exposed in a variety of ways. What are some of the questions you can ask yourself? Here are a few:
- Do I take non-cash payments (checks, credit cards)?
- Do I collect personal information from my customers or employees? (Social Security Numbers, Driver’s License Numbers, DOB, etc.)
- Am I on the Internet with an always-on connection (i.e., T1, cable modem, DSL)?
- Do I allow any vendors, customers, partners or employees to connect to my system?
- When was the last time I looked at my Security program in terms of my Server? My firewall? My Antivirus/Anti-malware application(s)?
Chances are, if you are running a company, these questions will uncover significant exposures that YOU will be liable for if the information is lost or stolen.
What regulations do I need to comply with?
Depending on the industry in which you find yourself, various regulations are in place. Data Security has become an increasingly prevalent requirement to protect consumers AND businesses.
Chances are you’ve heard of HIPAA, which protects your health information, but you may not know that most states have now implemented Breach Notification laws that apply to their residents. In other words, if a resident’s information is exposed, you have a legal duty to notify them of their rights and recourse to protect their personal information.
In addition to the State laws and regulations, there are some federal rules that apply to certain industries and practices. The one that probably impacts most companies, regardless of size, is PCI compliance, which regulates credit card processing.
What do I do next?
There are several things you can do to protect yourself. One of the most important is to do an audit of your existing security policy. If you don’t have one, create one – or if you don’t think you have the time or ability to provide a good one, hire a consultant to come in and help you. Try working with a company like 180Advance, who will come in and perform a pre-assessment to give you a snapshot of the likely costs of getting up to speed.
No matter what kind of security policy you implement, the cost of ONE breach may be more than most companies can afford. Fortunately, there are now a host of products to help insure you.