Seven tips on how your business can protect its sensitive digital information

Christine Marciano
Position:
President of Cyber Data Risk Managers, an independent insurance agency specializing in data privacy, cyber liability risk, D&O insurance and Intellectual Property (IP) protection.

It’s no longer a matter of if a data breach will happen, or who it will happen to, as it can happen to any small, midsize or large business, organization or government. When a data breach happens, a business needs to respond quickly, and all too often businesses are not prepared for how to respond. It’s also important to realize that security policies and procedures are not “one size fits all” packages that a business can add to its cart, click purchase and be done with. If a business takes this approach, the likelihood of a data breach surely increases. While it’s important for every business to protect its sensitive digital information, it must first conduct a risk assessment to locate, identify and classify the sensitive digital information it owns to help reduce data privacy and breach risks. If a business does not know what high-risk data it collects or where the data is stored, and has not determined the data’s sensitivity level, how can it implement sound security policies and procedures?

After a risk assessment is conducted, a business is then ready to create its security policies and procedures. Once security policies and procedures are implemented and in place, a business should also conduct a vulnerability assessment. A vulnerability assessment is a critical element of a company’s risk management plan, as businesses can only determine the risk of activities being conducted within the organization once such an assessment is completed.

Here are 7 ways in which your business can protect its sensitive digital information:

1. Implement privacy and security policies and procedures.

Once your business implements its privacy and security policies and procedures, be sure to enforce them. As part of the ongoing process of defining and maintaining effective security policies, include a plan for employee awareness and training and periodic scheduled security audits (as applicable).

2. Encryption.

Some data does not need to be secure. For the data that does, encrypt it. It’s especially important that businesses encrypt sensitive data that is stored on mobile devices. If a mobile device is lost or stolen, encryption offers a business peace of mind and guaranteed protection.

3. Cyber insurance.

While cyber insurance can’t prevent a data breach from happening or protect sensitive digital information from being exposed, it offers a comprehensive solution to respond to a cyber attack and/or a data breach. Depending on the specific policies and endorsements, it may offer coverage such as: crisis management and customer notification expenses, credit/identity theft monitoring, privacy and security liability, loss of business income (subject to a 12-hour waiting period), privacy regulatory defense and penalties, computer forensics investigation, and a “Data Breach Coach” (aka “Privacy” attorney).

4. Review service provider contracts.

Planning to utilize the cloud? Be sure to read your cloud service provider’s Service Level Agreement (SLA) carefully to avoid any surprises when it comes to storing sensitive digital information in the cloud. It is highly advisable to review a cloud provider’s SLA with an attorney who specializes in cloud SLAs to help your business determine how sensitive data will be protected in the cloud and what happens in the event of a data breach.

5. Secure your databases.

According to a recent Verizon Data Breach Investigations Report, more than 92 percent of records breached involve a database. Consider a data security solution that offers virtual patching and real-time protection for business-critical databases from all types of threats: external, internal, and even intra-database exploits.

6. Manage your employees’ “bring your own” mobile devices (BYOD) and “bring your own” cloud (BYOC).

It is critical to incorporate “BYOD” and “BYOC” into your company policies and procedures to minimize data privacy and breach risks. With personal mobile devices being used in business today, make sure you inform your employees what is and what is not acceptable. Quite often, out of pure convenience, employees will use free cloud services as a way to transfer sensitive and confidential business data, leaving your business vulnerable. Make sure you account for this vulnerability in your policies and procedures and in your employee security awareness and training programs.

7. Backup and recovery.

When planning a backup strategy, some things to consider are: How important or sensitive is the data on your systems? What type of information does the data contain? How often does the data change? How quickly do you need to recover the data? Do you need to store backups off-site?

While no security policy or system can promise a magic wand and offer 100% assurance in preventing a cyber attack and/or a data breach from happening, the above tips offer businesses of any size a great amount of information to think about.

 

Biography:
Christine has over 17 years of experience working in various roles within the Insurance and Financial Services industry. She has held positions at CIBC Oppenheimer, Axa Advisors and Allstate Insurance Company. As a fully licensed Insurance Agent, Christine specializes in Cyber/Data Security and in helping businesses and organizations create a Data Breach response plan through utilization of a Cyber Security/Data Breach insurance policy. Christine is a member of the International Association of Privacy Professionals (IAPP) and is a Certified Information Privacy Professional (CIPP/US). Christine has developed a diverse and rapidly expanding network of Information Security, Technology and Privacy industry Professionals. Christine thinks outside of the box and keeps ahead of industry trends. She greatly values her clients and industry partner professionals and is quickly being recognized as the ‘go to’ source for Cyber Security/Data Breach insurance.

09.27.2014 | fleck water softener wrote:

Have you ever considered publishing an ebook or guest authoring on other sites?
I have a blog centered on the same subjects you discuss and would love to have you share some stories/information. I know my visitors would enjoy your work.
If you are even remotely interested, feel free to send me an e-mail.

10.24.2014 | water softener parts wrote:

Great blog here! Also your site loads up very fast!
What web host are you using? Can I get your affiliate link to your
host? I wish my site loaded up as quickly as yours lol

10.30.2014 | Fleck Water Softener wrote:

For newest information you have to go to see internet
and on world-wide-web I found this web site as a most excellent site for newest updates.

11.03.2014 | Fleck Water Softener wrote:

Good post however I was wanting to know if you could write a little more on this topic?
I'd be very grateful if you could elaborate a little
bit further. Bless you!

11.12.2014 | water filtration wrote:

Now I am ready to do my breakfast, later than having my breakfast coming over again to read other news.