Every business must be able to identify the likeliest source of a data security breach so that it can also identify how to prevent one. Is it an executive’s laptop computer, the copy machine or the office’s wireless network? Could it be something else? Since the first step to preventing a data security breach is understanding the risk, it’s time to learn more about your business’s sensitive data.
Effective data security starts by assessing the kind of information a business has and identifying who has access to it. Evaluating data security vulnerabilities requires an understanding of how sensitive data moves into, through, and out of a business, and who has or could have access to it. Here are some tips from the Federal Trade Commission.
Take an inventory of all devices and equipment capable of storing sensitive data, such as laptop computers, mobile devices, flash drives, off-site servers, disks and digital copiers. Do employees work from home? If so, add their home computers to the list.
The type and location of sensitive data should also be inventoried. Don’t stop with the office’s filing cabinets and computer systems. Sensitive data may also be received from other sources, such as websites, contractors or call centers. Every possible source and destination for sensitive data must be considered.
Track Sensitive Data
It is important to know how the business obtains, stores, shares and disposes of sensitive data. Every department should be consulted, including sales, information technology, human resources and accounting. Don’t forget about contractors and other third-party service providers.
This process should provide a business with a thorough understanding of:
- Who provides sensitive data? Does it come from customers, credit card companies, banks or other financial institutions, credit bureaus, job applicants, contractors, third-party service providers?
- How is sensitive data received? Does it come via phone, fax, mail or email? Is there a website designed to request and receive sensitive data? Are there any other possible entry points?
- What kind of sensitive data is collected? Do business operations require or permit collecting financial information (credit cards, bank accounts, credit reports), personally identifying information (drivers’ licenses, social security numbers) or medical information?
- Where is sensitive data stored? Is it kept on disks, tapes, laptops, smartphones, tablets or other mobile devices? Employees’ personal computers or mobile devices? Where are data backups and copies stored?
- Who can access sensitive data? Is access to sensitive data limited to only those who need it? Are there security measures in place? Is sensitive data protected against unauthorized access by contractors or other third-party service providers?
Throughout this process, pay particular attention to certain kinds of sensitive data. Identity thieves typically look for social security numbers, credit card and other financial information.
Organizations should also consider protecting against data security breaches with insurance. Various cyber liability products are available to protect against privacy injuries, such as identity theft, and to cover the cost of complying with various data breach notice laws. Given the complexity of the risk, an experienced insurance agent should be consulted to ensure that adequate coverage is obtained. If you would like to learn more about insuring against data security breaches, contact us.