Privacy & Security Matters Mintz Levin : Data Compliance & Security, Employee Privacy Lawyer & Attorney

Data: Big, Borderless and Beyond Control? Five Things You Can Do

Posted in Cybersecurity, Data Breach, Data Compliance & Security, Employee Privacy, Security

Written by Amy Malone

There’s been a lot of talk about big data over the last few years and the breaches at Target and Neiman Marcus have many companies running in circles trying to figure out how to protect their systems and their data.  So what are some of the big issues in our current technology landscape?

According to Information Risk: Managing Digital Assets in a New Technology Landscape, a report by The Economist Intelligence Unit based on a survey of 341 senior business leaders across 18 industries, the major issues that have elevated the risks faced by companies are “greater collaboration and data sharing with other companies…as these trends create ‘borderless’ information beyond control of the individual company.”

Most, if not all, companies rely on third parties to provide some type of business function. These vendors come in all shapes and sizes and can be the target of cyber-attacks, which, if successful, can lead to the theft of your company’s information. Historically, smaller companies have not been the target of sophisticated cyber-attacks, but those companies are often vendors to larger companies and are now seen as “back doors” into the companies they service (the Target breach is a perfect example).

Third parties are not the only issue, as technology such as bring your own device (BYOD) creates a “perimeter-less” organization that IT departments struggle to protect.

Protection is extremely important, especially considering that, according to those surveyed, the value of the information their company held was between 10% and 50% of the company’s total assets. Protecting the data is protecting the company’s assets.

So, how can your company tackle the issue?

  • Don’t Silo IT – Many companies see data security as an IT problem. To effectively arm your organization against data security threats, you need to realize that IT is only one piece of effective information risk management. Of those surveyed, 36% said that “employee carelessness” was the top risk their organization faces. IT “fixes” can help at times, but education and training around privacy and information security is necessary to lower the risk that employee mistakes pose.
  • Develop Data Retention and Deletion Policies and Procedures – The less information you have, the less information that can be lost or stolen through employee carelessness or hacks.
  • Pay Attention to High-Profile Attacks – Use high-profile attacks like Target to underline the importance of data security and win the support of executives and board members. Providing these examples to all employees will hammer home why data security is such an important topic.
  • Know Your Business – Understanding how information is collected, used and shared within your company is essential in creating a robust privacy and data security program.  Remember, this is an ongoing assignment – every time your business develops a new product or changes an existing one, you may be changing how you collect, use and share information.
  • Review Your Vendors – Conducting periodic reviews of your vendors (and your vendors’ vendors) will help your organization assess the risk. This risk assessment will dictate which vendors you choose or keep and which vendors you walk away from. Also, be sure to include privacy and data security clauses in your vendor contracts.