Most businesses retain sensitive personal information such as names, social security numbers, financial statements, credit card information, or other account data that identifies customers or employees. However, if sensitive data falls into the wrong hands, it can lead to fraud, identity theft, or similar harms. A security breach can tarnish your customers’ trust and perhaps even lead to a lawsuit. The truth is, safeguarding personal data is a must. Statutes like the Gramm-Leach-Bliley Act, Fair Credit Reporting Act, and the Federal Trade Commission Act may require you to provide reasonable security measures for sensitive information.
So, what can you do to boost your data and security hygiene? The answer is simple- start taking security seriously!
We recommend deep diving into how your business uses, acquires, and stores data. If you can understand the lifecycle of data and how it travels within your ecosystem, then you can fine-tune ways of securing it. Protecting your data from breaches, hackers, and creating a plan to respond to security incidents is a must for today’s businesses. So, where do you begin?
Back in 2013 U.S. President Barack Obama signed Executive Order (EO) 13636. The EO spoke to the nations vulnerable infrastructure and the need for a proactive cybersecurity framework for the private sector to embrace and the public sector to follow. A contract was awarded to the National Institute of Standards and Technology (NIST) and a year later, in 2014, the organization released a 41-page introduction to their framework. The Framework presents industry standards, guidelines, and practices in a manner that allows for communication of cybersecurity activities and outcomes across the organization from the executive level to the implementation level. The Framework Core consists of five concurrent and continuous Functions—Identify, Protect, Detect, Respond, Recover. When considered together, these Functions provide a high-level, strategic view of the lifecycle of an organization’s management of cybersecurity risk.
If you’re ready to start taking security seriously, start by understanding how your business uses, acquires, and stores data then build your own security policy and solution using the NIST framework. Together we can make a difference.
Do you need assistance building your business security policy and standards? We would be happy to help!
Reference
https://www.govinfo.gov/content/pkg/FR-2013-02-19/pdf/2013-03915.pdf
https://www.nist.gov/system/files/documents/cyberframework/cybersecurity-framework-021214.pdf
https://www.nist.gov/sites/default/files/images/2018/05/01/cybersecurity-flyer-graphic.png
https://www.fdic.gov/regulations/compliance/manual/8/viii-1.1.pdf
https://www.consumer.ftc.gov/articles/pdf-0096-fair-credit-reporting-act.pdf
https://www.ftc.gov/system/files/documents/statutes/fair-credit-reporting-act/545a_fair-credit-reporting-act-0918.pdf
https://www.ftc.gov/sites/default/files/documents/statutes/federal-trade-commission-act/ftc_act_incorporatingus_safe_web_act.pdf
