Concerns about data security, and the potential liability to
those organizations and businesses that manage customer data, are
increasing. This affects nearly every business
of every size and, increasingly, in every sector.
When some of the federal laws were first passed to protect
sensitive customer data, they were targeted at the financial and health care
sectors. Now, state governments are also
taking action and, in many cases, those laws are more sweeping. You also may have contractual obligations
with your payment processor if your organization processes credit cards.
While most not-for-profits and small businesses carry
General Liability insurance policies, that coverage will not typically extend
to the type of electronic fraud that we are all exposed to on a daily
basis. In addition to the potential
legal and fiscal liability, we also need to be aware of the toll a data breach
would take on our organizations in terms of lost efficiency and loss of our
members’ or customers’ trust.
What can you do? Some
basic steps we can all take immediately are:
· Never process credit cards over wireless
computer connections.
· Limit access to sensitive data to only those
employees that need to access it, and make sure it is password-protected.
· Get insurance coverage specifically for this
exposure. Travelers offers a Wrap
CyberRisk policy and there may be others like it.
· Re-evaluate your online banking needs and
processes. Every computer access point
is a potential exposure. If you must
bank online, limit all such activities to a computer specifically for that
purpose that is not used for anything else (especially email or surfing the
internet).
· Never store sensitive customer data on portable
storage devices like laptops or thumb drives as these are frequently stolen or
lost.
· Make sure you have virus and spam protection on
all of your PCs and a firewall on your server.
· If possible, do not store customer credit card
data in your office or on your computers.
These are just a few basic steps you can take. Every organization of any size should make
sure it has a complete understanding of all potentially sensitive data it is
storing, and a comprehensive written plan in place for managing it. A good place to start is the guide from
Element Payment Services at http://www.elementps.com/pci-compliance-guide/. You will need to provide your contact
information to get this one, but it’s
worth it. A very extensive report
compiled by the Center for Strategic and International Studies is available for
download at http://www.sans.org/critical-security-controls/
-Kim Robinson
In my situation, I always make sure to isolate sensitive data and keep it on selected computers and/or servers. If possible, I cut it off from the rest of the data network. To quote Mr. Jon Heimerl, the Director of Strategic Security for Solutionary Inc.: "The fewer copies of data you have, the easier it is to protect."