US Working Toward Standardized Penalties for Data Breaches

Last month the US Senate’s Judiciary Committee approved three bills that deal with data breaches.  Those three bills where, The Personal Data Privacy and Security Act of 2011, The Personal Data Protection and Breach Accountability Act of 2011 and the Data Breach Notification Act of 2011.  The gist of all these acts is that the government is working toward a standardized practice of requiring notification of data breaches and a standardization of penalties for companies that have data breaches.  What this means for business is that it is now very important for you to take as many precautions as you can to secure your clients’ private data.  Firewalls, antivirus software, IT consultants, encryptions, company internet usage policies and password protections are all key parts of securing your business for data breaches. 

Even if all the preventative measures are in place, your business still runs that risk of a data breach.  That is where insurance products can help protect your business.  Insurance products can’t help protect your data but they can protect your company’s money by helping pay for data breach notification costs, third party lawsuits filed against your company for breach of client’s personal information and the cost to restore lost data.

As the government moves to a more standardized notification requirement and penalties for data breaches, companies that hold private information should also be working toward setting up strong data security measures as well as put in place insurance products to help protect their company’s hard earned money.

Be Cautious When Using Smart Devices

Mobile devices used by you personally or provided by your business or employer offer wonderful advantages to make you more productive, but they come with potential hazards. Security breaches either by accident or intentional "hacking" can put your personal information and/or your business information at risk.

Most corporate security types say the biggest issues involve personal mobile devices use to "hack" into corporate servers and data bases. Data encryption and passwords are highly recommended along with the ability to wipe out data from a Smartphone or tablet issued by the company. The latter can be extremely helpful in the event a personal Smartphone is stolen, and the corporate IT people want to wipe the phone of all secure access information remotely. Some corporations allow access to company data through personal mobile devices but only with devices that were provided by the corporation. Some corporations are requiring employees to register personal devices with corporate security/data processing so they can control how their corporate data is being accessed. All of these precautions are highly recommended by Fey Insurance.

It isn't just the business world that faces possible problems with personal smart phones, iPads, etc. accessing data. Accessing your personal and private financial information via Smartphone, iPads, etc can also be an issue. Many people have their banking applications on their devices as well as applications that have all their stored passwords. A lost device could result in access to your personal bank accounts and do a lot of financial damage. Password protecting your devices is key. The more passwords and protection you employ the better in protecting you and your family from potential financial ruin. Apple iPhones have tracking capabilities so if your phone is lost you can use your personal computer or another iPhone to track its location. They also allow you to wipe the phones clean of all data and make them useless to anyone who might find the lost phone and want to cause serious problems with your data.

If you have further questions, consult your Smartphone or table manufacturer, your phone service carrier or your corporate IT/security people for help.

Protecting Your Customer's Sensitive Information

Businesses subject to the Financial Modernization Act of 1999 (also know as the Graham-Leach-Bliley Act) are required to comply with provisions that protect personal and financial information to maintain the trust and confidence of their customers.

Companies should develop a written information security plan that describes, among other things, the specific ways their employees should protect consumer information.

Sloppy handling of personal and identifying information can be devastating to a small business. A breach of security of this information can lead to personal identification theft of customers, and can open the company up to liability. The loss of reputation alone can destroy an otherwise successful company. So how can your company take steps to protect your customer’s information? Here are five steps that you might consider implementing:

1. Create a paper trail that documents your operations. Once you know where the trail starts and ends, you can analyze each step and develop a plan ensuring security of information. Limit access to sensitive data when possible and dispose of sensitive documents by shredding.

2. Electronic data should be protected with passwords and encryption.

3. If you use third-party services in the process of taking care of your customers, make sure they adhere to strict privacy standards. Ask for a copy of their privacy guidelines.

4. Regularly communicate with employees regarding your company’s privacy activities. Reference compliance within your employee handbook.

5. Have a plan to guide you if there is a breach of security. Know who to contact, what data to protect and how long it should take to plug the gap. You should also have a plan for notifying affected customers in the event of a breach.

Secure Data with Dropbox

I recently posted an article about data loss and the risk of losing hard to restore information from your computer. In the article it was mentioned that we would share a few more specific examples of ways to protect your computer data from total loss. One example of securing your data and backing it up is a service called Dropbox. Dropbox is a cloud like program. This means that all your computer data is safely secured on different Dropbox servers throughout the country as well as on your personal computer. If your personal computer ever suffered a hard drive crash, was stolen or was damaged in a fire all you would need to do is replace your computer and download all your data from the Dropbox servers. You can do 2GB of storage for free or pay $9.99 a month for 50GB of storage. If 50GB is still not enough you can pay $19.99 a month for 100GB of storage.

When you install Dropbox on your computer it creates a folder that you can copy and past your files into. You can copy and past document, video, music files, etc. When you place these items into the Dropbox folder on your computer it then syncs the information with the Dropbox servers via an internet connection. If you have multiple devices like iPads, iPhones or if everyone in your family has a different laptop you can all share one account and load each device’s information into the same Dropbox account. It then syncs and backs up all devices. This also allows you to access each others information from any device via the Dropbox folder on your computer, mobile device or even a special website that is created for each account. Not only does it back up and secure your information it also makes it easier to access from anywhere.

Dropbox is probably better fit for personal use. Depending on the size of your business it may not be the best option as it does have a 100GB storage limit. I will be sure to post soon about how businesses can best secure their data as well as have some future posts on how to use insurance products to help restore your data.

Data Loss

If a fire where to occur at your business it is relatively easy to replace desks, chairs, decorations and even computers and network systems. The part that is very difficult to replace is data. Every business has data. Whether it is your computerized bookkeeping, client management data and software, important electronic documents or your Outlook calendar, they all serve as a vital part of your business and would leave you at a loss without them. With items like office furniture and computers you can go out and purchase replacements with very little difficulty. Data, however, is something that is specifically created over time and when lost is very difficult to recreate or replace.

There are two suggestions that I would like to share in this blog article. The first is securing your data either through backup tapes, off site backup or cloud computing. The second is insurance protection to help pay for the cost of recreating your data or extracting your data from damaged computer hardware.

The first suggestion of securing your data is probably the most reliable and sure fire way to prevent the nightmare of lost data. There are so many offerings out there of companies like Mozy that help to back up your business servers and data off site. If a fire destroys the server in your office all you would need to do is buy a new server, download your data from the offsite backup system and you are up and running again. Cloud computing is another offsite way to secure data. Instead of your data being stored on computers in your office they are stored on specialty servers throughout the country. All you are doing each time you access the data is pulling up the information via online so if a fire renders your computer useless you just purchase another computer, login to your online cloud and access your data. Backup tapes are probably the least effective because they require you to remember to take them offsite and require you to remember to update the tapes on a regular basis.

Insurance is the second suggestion on how to prevent data loss. One caveat about this topic is that technology is constantly changing and insurance companies are always trying to catch up with how to best insure this moving target. There are currently specialty coverages out there that help an insured pay for the costs of salvaging lost data. Coverage can be added to business policies that help pay for the forensic work that would need to be done on a fire damaged hard drive that possible still stores your company’s data. Some insurance products help you to repurchase lost software programs that can be very costly to replace. There are times when you need to hire extra staff for a short period to help reestablish your bookkeeping after a fire. Insurance can help pay for this extra cost.

In future blog post we will be sure to focus on what the actual insurance products are that can help protect the loss of your data and we will also write more on data backup services as well. In the mean time, work with your IT departments or consultants to figure out the best cost effective way to secure your data as well as talk with your insurance agent to figure out how to best insure your data.