Tips to Protect Your Company from a Data Breach
With the news reporting data breaches on a daily basis, it's important to ensure your company does not become a victim of cyber crime. Here are a few suggestions to help your company protect itself and clients:
- Know What You Have: Identify and inventory all physical devices and systems you have, including equipment (leased or owned) that you maintain offsite. List all software platforms and applications used in operations, specifying the versions used and on which pieces of equipment the software is being used.
- Identify Sensitive Information You Store Electronically: Sensitive information includes personal identifying information concerning your customers, vendors and employees, and confidential information you store concerning intellectual property, your outside vendors and third parties. Know if and how all information is encrypted and at what point(s) in the business process.
- Know What Your Computer System Controls: Depending on your business, your computer system can control not only access to information, but your company's (and possibly, clients') infrastructure systems.
- Restrict Access: Access to confidential information should be restricted. Know which of your employees and non-employees have access, and what they have access to. For such people, consider appropriate written agreements with them to limit your exposure to "internal" breaches.
- Assess Your Legal Obligations: Consider the following - Do you have the right to collect and retain information concerning your customers, vendors, business partners and employees? Are there legal restrictions on your ability to use information you obtain from your customers, vendors, business partners and employees? What are your legal obligations to protect the information you have obtained from your customers, vendors, business partners and employees?
- Determine How Your Outsourced Functions Deal With Cyber Risks: You may be liable for any breaches to your outsourcing partners' networks. If you have outsourcing partners handling any data concerning your customers, you should inquire and/or audit their systems to assure that they are using best-business-practice procedures in securing your business data in their systems.
- Create a Risk Management Strategy: Management must prioritize what is the most important information in your company's computer network, implement appropriate technical, administrative and other controls, and prepare a response plan in the event of a breach.
- Create A Network of Relationships With Experts: Time is of the essence following a serious data breach. You can respond more quickly, cheaply and effectively if you already have relationships with experts you can call and who will respond quickly.
- Determine Your Insurance Needs: Traditional business insurance typically does not cover losses from cybersecurity breaches. Many insurance carriers offer cybersecurity policies. These policies vary and you should determine what insurance coverage is best for your company's needs.
- Create A Written Cybersecurity Policy: Such a policy should identify who has access, and what those persons are authorized to do with data in your network, and what should be done if a breach is suspected of having occurred. Each employee and outsourcing partner should be given a copy of these policies and procedures.
Source: Common Sense Tips to Protect Your Company From a Data Breach, by Keith S. Braun, Steven S. Rubin, and Jonathan A. Trafimow of Moritt, Hock & Hamroff LLP (July 16, 2014).
Tia Chisholm, HUB International TRANSPORTATION
HUB International TRANSPORTATION specialists are based in Vancouver. Our longstanding relationships with the best providers in the business allow us to deliver the solution that serve you best. With HUB, you can run your business knowing that you are headed in the right direction.