Think about the private information your business’s computers, laptops, copy machines and printers hold. Now, think about what happens to that data when the equipment is disposed of, stolen, lost or returned to the leasing company. Who is responsible for making sure Social Security numbers, bank accounts and the like stay out of the wrong hands?
Recent multimillion-dollar settlements put the responsibility on the company’s shoulders, not the thief or the leasing firm, or even the recycling company that threw your assets on a truck and hauled them away.
AvMed, a health plan company, recently agreed to pay a $3 million settlement to customers whose information was compromised. Two encrypted laptops with private data on 1.2 million AvMed members were stolen.
The settlement amount represents the percentage of the premiums AvMed should have spent on data security. Even those who weren’t identity theft victims received payment since the courts expect a portion of their premiums to go toward protecting private information.
The lesson: Customers have a right to expect companies they do business with to allocate funds toward data security as a cost of doing business. This settlement involved a health care company, but sets a precedent for all industries.
So what can businesses do to help ensure that their data is taken care of appropriately, thus staving off the likelihood of a lawsuit? Consider the five steps below:
1. Increase staff awareness // Your employees (including any contractors or consultants) are your first line of defense. Simply being aware of the risk of exposing access to things like laptops, removable disc drives and thumb drives will help reduce the likelihood of “human error” leading to a data breach.
2. Create security policies // Does your mobile workforce access sensitive data from the neighborhood Panera during lunch? Do they change passwords on their notebooks, laptops and other devices at least every 60 days? Outlining policies on how and where data is accessed can help keep your business safe.
3. Conduct a security audit // You can’t create good policy until you understand risks. If you don’t have this capacity internally, make it a priority to find a partner that does. Your entire IT infrastructure and all of your IT assets need to be monitored and accounted for, from purchase to destruction.
4. Use encrypted backup sources // Backing up is important to make sure you don’t lose sensitive data. Using encrypted backup sources will help make sure you don’t lose sensitive data to hackers or anyone else who shouldn’t be seeing it. Even discs and thumb drives can be encrypted.
5. Partner with certified ITAD vendors // Anyone can pull up a truck and drive off with your end-of-life hardware. Certified IT asset disposal (ITAD) partners will follow zero-landfill policies, and will account for your assets from receipt until decommission, with certificates of destruction for every item.
The idea of a data breach turning into a lawsuit is a reality that business owners must prepare for. An ounce of prevention is worth a pound (or a few million) of cure.
Gary Agness is vice president at Synetic Technologies, a Kansas City-based IT asset disposal (ITAD) and IT asset management (ITAM) firm specializing in data security and responsible e-waste recycling. www.synetictechnologies.com