This annual campaign is an effort by the U.S. Department of Homeland Security to raise awareness about data security threats.
The Privacy & Data Security Group at McNees urges you on this occasion to consider whether your organization is adequately prepared for a data breach. John Chambers, the former CEO of Cisco Systems, once commented: “There are two types of companies: those that have been hacked, and those who don’t know they have been hacked.” A report this week from Beazley, a cyber-liability insurer, revealed that ransomware attacks on businesses have quadrupled in 2016 over last year. As hackers grow continually more sophisticated and cybercrime efforts grow more common, it is nearly inevitable that your organization eventually will confront the new reality of a data breach.
If your company already has comprehensive data security policies, remind your company’s employees of the importance of protecting personally identifiable information (“PII”) that your organization collects and maintains regarding customers and employees. The most common types of PII breaches typically involve the loss or theft of PII by an employee or third party.
If you have been “burying your head in the sand” on data security, take this opportunity to consider working with qualified attorneys to develop a data security policy and breach response plan. Surveys have concluded that such proactive approaches, together with cyber insurance policies, are the most effective methods to reduce liability for data breaches. If you do not already have a policy, McNees’s data security lawyers can help you prepare.
Our analysis begins by determining which federal and state laws regulate your industry’s PII use, handling, sharing, storage, and protection. We can identify what notification laws apply in case you suffer a data breach and can assist you in identifying weaknesses in how you store and dispose of data. We can also assist you with the following:
-
Determine gaps in the administrative, technical and physical safeguards you have in place that guard against improper access to data;
-
Create policies to guide your employees in the care and handling of sensitive information and place workable limitations on remote access to data and removal of data from company premises;
-
Evaluate the security of data centers and physical equipment; and
-
Provide insight on the use of passwords, oversight of company vendors and service providers, as well as the use of mobile devices by employees.
When you find out that a data breach has occurred, it is essential you have a plan in place to quickly and thoroughly execute a response that will limit your exposure and comply with applicable notification requirements. Having such a plan will allow your organization to minimize the risk of litigation and government fines, and, most importantly, will help to preserve your customer relationships and your business.
