3 min read

Tips for Reducing the Risk of Data Privacy Breaches

Oct 30, 2013 4:22:00 AM

cyber securityDuring 2012, 55 percent of small businesses experienced at least one data privacy breach and 53 percent encountered multiple breaches, according to the Ponemon Institute. Despite this, the National Small Business Cybersecurity Study found that only 10 percent of small businesses have an allocated staff member who is responsible for online and cyber security.

To further aggravate the problem, many small companies have a 'bring your own device' (BYOD) policy, and workers own (and bring to work) more devices than ever before - including laptops, cell phones, and tablet computers. Skilled hackers can access a network through a company email account and extract or erase sensitive data, and you are susceptible whether you are storing data through a cloud service or internally.

There is an obvious need to take greater steps to reduce data privacy breaches. The good news is that there are a few steps you can take to dramatically reduce the risk of a data privacy breach.

1. Store sensitive data securely

Removable storage devices, including thumb drives and CDs, should be kept with paper files in a secure area such as a locked cabinet, drawer, or safe. Restrict access to these areas to only those who have the need for the information.

2. Create a comprehensive network security policy

Your network security policy should:

· Make sure all employees, partners, and owners have a solid understanding of what data the business has and owns, and which is shareable.

· Specify changing the network password periodically while ensuring that no employees are saving passwords on handwritten notes or within computer files.

· Feature standards for remote access to the network.

Remind employees of details of the policy on a regular basis to avoid an unintentional data privacy breach.

3. Use data protection tools

You can assume that cyber thieves will be experts at finding weaknesses in your system. Installing and regularly testing encryption software is essential to protect data that is on a computer and being transmitted. You should also install a firewall to secure against unauthorized access between your network and the Internet. Solutions can be inexpensive or can cost thousands of dollars to protect highly sensitive data.

4. Conduct background checks

One of the main causes of a privacy data breach is workers, vendors, or contractors. You should conduct a background check on anyone who needs to access your confidential information. You can then create levels of users within the network and assign appropriate access. Everyday tasks, like checking emails, should always be completed through a separate rights account than the one used for accessing confidential data.

5. Properly dispose of sensitive data

You cannot simply reuse or recycle equipment and documents without taking security measures. Papers containing sensitive data must be shredded and devices cleared of information. This may seem obvious, but improperly deleting data from computers and storage devices is a common mistake that can lead a hacker to uncover information you thought no longer existed.

6. Get covered with insurance

Even if you have taken all of the above steps, you are never completely safe from a data privacy breach. Use a third party to build a risk management program that will protect you from the costs of cyber liability.

7. Develop an incident response plan

An incident response plan should include details about where and how confidential information is stored, how data is backed up, and who has access to the data. It should also feature a list of contacts whom you will need to notify immediately such as law firms, credit monitoring companies, forensic data experts, and public relations firms. Responding quickly to an attack will help you get back on your feet as soon as possible and minimize the damages.

Data privacy breaches are not just inconvenient - the cost to recover from them can be significant and the interruption to the normal flow of your business substantial. By taking the necessary steps, you can greatly reduce the risk of a data privacy breach to your business.

Image credit: ra2studio / 123RF Stock Photo

New Call-to-action

Topics: Risk Management

Written by Gibson

Gibson is a firm of advisors and consultants that help clients get to the proactive side of insurance. We specialize in working with companies looking to find their edge—where they are growing as an organization, differentiating themselves in the marketplace, and preparing for current and future risk. Together we will find the perfect combination of insurance and consulting.