We’ve covered the importance of security policies—specifically as they relate to thumb drives. When it comes to security, though, thumb drives are only a small part of what is hopefully an all-encompassing set of guidelines meant to keep your business secure from data breaches.
What we have for today is a few simple tips for keeping your business secure and sensitive information safe.
The Big Points
Liability can be thought of as a 99% written policy; any written policies you have can mitigate your business’ risk in the event of a data breach.
Keeping up with security policies isn’t just important because of civil liability, though: really, it’s the law. Federal laws regulating data security and security policies include:
- FACTA
- HIPAA
- The Gramm-Leach-Bliley Act (GLBA)
- More, including a plethora of state and local laws
The government is very clear on where it stands regarding businesses keeping consumers’ data safe, so having clear policies in place is absolutely essential.
In addition, some of the laws mentioned above lay out guidelines for the security of sensitive consumer information detail things like:
- Shredding
- Throwing away computers
- Electronic filing
Though there are a plethora of laws that detail what companies should be putting in their security policies, all are focused on one main thing: the secure storage of sensitive information.
Don’t Forget the Small Things
In writing out policies for securing information, it can be easy to let nontraditional devices slip through the cracks. Such devices include:
- Thumb drives
- Copiers
- Personal devices (cell phones, iPads, etc.)
Because your company’s security procedures should be as comprehensive as possible, it’s important not to forget just how big of a risk even something as seemingly insignificant as a thumb drive can be.
Written Policy = Compliance
As we mentioned above, some 99% of liability actually can actually be thought of in terms of written policy. Much of what’s in your business’ written policy dictates how liable you are in the event of a security breach, so making sure you have all of your bases covered is absolutely critical.
Written policy also helps get you well on your way to compliance with federal law. Though actually living out those written procedures is important, too, everything starts with written rules. Under the Omnibus Rule of HITECH, lack of written policies and procedures for document and data disposal are likely to be interpreted as negligent and place the organization into the highest level of fines (3 levels) under HIPAA.
At DataShield, we can make sure your business’ written policies are up to speed. Our compliance consulting will ensure that your company is doing things right in terms of the rules you lay out, which is absolutely essential for security. Contact us today for more information.
