5 Ways to Protect Your Company’s Information from a Data Security Breach

“[I]n 2012, data breaches cost American companies an average of $188 per lost record, and $5.4 million per incident.” (ID Experts)

What do the University of Virginia, Apple, Cedars-Sinai Medical Center, Ubuntu, and the Texas Health Harris Methodist Hospital have in common? Among other things, all have been recent victims of data breaches.

And, as we know, data breaches can carry a high price: fines and penalties, increased scrutiny by lawmakers, damage to credibility, or outright loss of hard-earned customers, to name a few…

Here are five ways to protect your company from a breach in the first place:

1. Encrypt sensitive employee and customer data:

“The [recent California Attorney General data breach] report found that 45 percent of the breaches ‘were largely the result of failures to adopt or carry out appropriate security measures,’ and in particular, ‘a failure to encrypt sensitive data when it is in transit on portable devices or in emails.’ To address these breaches, the Attorney General recommended that companies encrypt digital personal information on mobile media or when otherwise sending it out of their own networks and prioritize data security in employee training.” (Ropes & Gray)

2. Obtain cyber insurance coverage:

“A complete understanding of the company’s insurance program is key to maximizing protection against cyber risk. Indeed, in the wake of ‘more frequent and severe cyber incidents,’ the Securities and Exchange Commission’s Division of Corporation Finance has issued guidance on cyber security disclosures under the federal securities laws and has advised that companies ‘should review, on an ongoing basis, the adequacy of their disclosure relating to cybersecurity risks and cyber incidents’ and that ‘appropriate disclosures may include,’ among other things, a ‘[d]escription of relevant insurance coverage.’” (K&L Gates)

3. Develop – and enforce – employee BYOD security policies:

“One of the most obvious challenges associated with BYOD [(Bring Your Own Device)] is the inherent lack of control an employer has over an employee’s personal mobile devices. This lack of control can lead to increased data breaches, privacy violations, and exposure to viruses, malware, and data theft. Compounding these risks is the fact that almost half of all workers that utilize their own personal devices for work admit to not even taking the most basic security precautions, such as using password protection on their devices.” (McNees Wallace & Nurick)

4. Develop a plan for responding to a breach:

“Outreach plans need to be in place so that affected parties can take immediate measures to protect themselves in the wake of a breach. The IT, legal, and communications teams need to work together beforehand to ensure that accurate information about a potential breach can be shared with law enforcement and the general public – without adding to the legal and brand liabilities at play. Organizations need to know the journalists and bloggers who cover data security issues in their industries and develop relationships with those influential voices before they are needed.” (LEVICK)

5. Promptly investigate suspicious activity:

“If employees suspect a security breach, investigate it immediately. Containment — stopping the access to or distribution of personal information — is the first priority. A computer forensic expert can assist in determining whether personal information was involved in the data breach and identify the affected persons. Meanwhile, legal counsel should address potential regulatory violations, ensure that evidence is preserved for use in court or an agency investigation, consider liability of third party providers and determine whether breach notification is required and how notice will be accomplished, including timing, content and method of notice.” (Schnader)

Additional resource: a 142-page guide that will help you navigate the maze of state data breach notification rules if (and when) a breach does occur:

[Link: Security Breach Notification Chart – Perkins Coie]
