Dealing with a Data Breach
Data breaches can be costly to businesses across all sectors. In 2009, the U.S. experienced two of the largest breaches in history.
In January, as many as 100 million credit card records were exposed after hackers broke into the network of a credit card processor, and in October the personal information of more than 70 million U.S. military veterans was compromised when a hard drive that had not been properly wiped was sent out for repair. Despite the significant risks many businesses are exposed to, a recent survey of IT practitioners found that nearly three quarters neither believe their company views data security as a top strategic initiative nor regard their organization as proactive in managing privacy and data protection risks.
The consequences of a data breach can be far reaching, including lost income, privacy lawsuits and theft of personal and proprietary business assets. A breach also damages a company's brand. With consumers and regulators demanding more control over sensitive data than ever, it is time to start protecting your company's customer data, core intellectual property, trade secrets and regulated data.
There are a number of steps you can take to mitigate the risk of a data breach including:
- Assess the risk—there are several questions to answer when assessing your company's exposure to data loss: What is our most sensitive data, where is it held, and what controls are currently in place? Which regulations apply to our data (e.g. PCI DSS for payment card data)? Do employees, contractors, suppliers and other stakeholders understand their role in protecting company data?
- Data protection policies and procedures—develop company-wide policies and procedures with input from IT, legal, administrative and operations staff. They should cover the collection, access, use, transit, storage, archival and destruction of data. Disseminate the policies to employees and contractors throughout the organization and include them in staff inductions. 70% of all data breaches originate inside the company, whether through malice or carelessness, and many of these can be prevented through effective education and training.
- Network security—backdoors, open ports and other weaknesses can give outsiders unauthorized access to your data. It is more important than ever to know what is listening on your network and what traffic leaves it. Engaging an outside computer and network security specialist to evaluate your network will help you find vulnerabilities and take appropriate action to close the gaps.
- Control hardware—notebooks, laptops, PDAs and other mobile devices present additional challenges: the more data moves, the more opportunities there are to lose it, and a lost device can deal a serious blow to a business. Encrypting sensitive files (and, on portable devices, the whole disk, so that a lost or repaired drive exposes nothing), cable locks to prevent computers from being easily stolen, disabling USB ports on workstations and similar computer security practices can form part of your company's security requirements.
- Monitor compliance and update—monitoring your organization's compliance with its policies and procedures lets you identify and address weaknesses in your data loss prevention framework. A policy posted on the company intranet but never read is of no use at all. Review and update data protection policies at least annually, and sooner when systems, regulations or the business change.
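The "open ports" point under network security can be turned into a routine check rather than a one-off consultant visit. The script below is an added example written for this page, not code from the original article: it parses the output of the Linux `ss -Hlntu` command (listening TCP/UDP sockets, numeric, no header) and reports any service that is not on an allowlist, or that is bound to every interface when it should only be reachable on loopback. The sample `ss` output and the allowlist are constructed for the example, not taken from a real host.

```python
"""Audit listening sockets on a host against an allowlist of expected services.

Added example for this page (not code from the original article). It parses
the output of the Linux command `ss -Hlntu` (listening TCP/UDP sockets,
numeric, no header) and reports services that are not expected, or that are
bound to every interface when they should be loopback-only.
"""
import sys
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple

# Constructed sample of `ss -Hlntu` output for a small web server; it is not
# captured from a real host. Columns: Netid State Recv-Q Send-Q Local:Port Peer:Port
SAMPLE_SS_OUTPUT = """\
tcp   LISTEN 0      128        0.0.0.0:22        0.0.0.0:*
tcp   LISTEN 0      511        0.0.0.0:80        0.0.0.0:*
tcp   LISTEN 0      511        0.0.0.0:443       0.0.0.0:*
tcp   LISTEN 0      128      127.0.0.1:3306      0.0.0.0:*
tcp   LISTEN 0      128        0.0.0.0:6379      0.0.0.0:*
udp   UNCONN 0      0          0.0.0.0:161       0.0.0.0:*
tcp   LISTEN 0      128           [::]:22           [::]:*
"""

# Allowlist (assumed for the example): (protocol, port) -> addresses it may bind.
ALLOWLIST: Dict[Tuple[str, int], Set[str]] = {
    ("tcp", 22): {"0.0.0.0", "[::]"},   # SSH on all interfaces
    ("tcp", 80): {"0.0.0.0"},           # web
    ("tcp", 443): {"0.0.0.0"},          # web (TLS)
    ("tcp", 3306): {"127.0.0.1"},       # database: loopback only
}

# Addresses that mean "every interface"; an unexpected service on one of these
# is reachable from the network, so it is rated higher than a loopback bind.
WILDCARDS = {"0.0.0.0", "[::]", "*"}


@dataclass(frozen=True)
class Listener:
    proto: str
    addr: str
    port: int


def parse_ss(output: str) -> List[Listener]:
    """Parse `ss -Hlntu` lines into Listener records; skips lines it cannot read."""
    listeners = []
    for line in output.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue
        proto, local = fields[0], fields[4]
        # Local address is "addr:port"; IPv6 looks like "[::]:22", so split on
        # the last colon rather than the first.
        addr, sep, port = local.rpartition(":")
        if not sep or not port.isdigit():
            continue
        listeners.append(Listener(proto, addr, int(port)))
    return listeners


def audit(listeners: List[Listener]) -> List[Tuple[str, Listener, str]]:
    """Return (severity, listener, reason) for every listener that breaks the allowlist."""
    findings = []
    for lst in listeners:
        allowed = ALLOWLIST.get((lst.proto, lst.port))
        if allowed is None:
            severity = "HIGH" if lst.addr in WILDCARDS else "MEDIUM"
            findings.append((severity, lst, "service not in allowlist"))
        elif lst.addr not in allowed:
            findings.append(("HIGH", lst,
                             f"bound to {lst.addr}, allowed: {sorted(allowed)}"))
    return findings


if __name__ == "__main__":
    # Pipe real output in (`ss -Hlntu | python3 port_audit.py`); with no pipe,
    # the constructed sample is audited instead.
    text = SAMPLE_SS_OUTPUT if sys.stdin.isatty() else sys.stdin.read()
    for severity, lst, reason in audit(parse_ss(text)):
        print(f"{severity:6} {lst.proto}/{lst.port} on {lst.addr}: {reason}")
```

On the constructed sample the audit reports the Redis-style listener on tcp/6379 and the SNMP-style listener on udp/161, both bound to every interface and absent from the allowlist; the database on 127.0.0.1:3306 passes because loopback is the only address it is allowed to bind. Running this from a scheduled job on each server, and diffing the findings against the previous run, is a cheap way of noticing a new listener before an outside assessor does.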
Many insurance companies now offer products to help businesses cover the cost of the notification and remediation that follow a data theft. To discuss in more detail how a data breach could affect your business, please contact us.
