Thursday, December 12, 2013

Data Security and Breach Notification Act of 2013 & Information Security Tips

American IT departments' decisions could inadvertently put organizations at risk of an information security breach if they don't have sufficient protocols for the disposal of old electronic devices...
Despite the many public wake-up calls, most American organizations continue to be complacent about securing their electronic media and hard drives...

Congress is hoping to hold businesses accountable for the protection of confidential information with the introduction of the Data Security and Breach Notification Act of 2013, which will require organizations that acquire, maintain, store or utilize personal information to protect and secure this data. (q.v.)

Mitigation tips:
  • Think prevention, not reaction.
  • Put portable policies in place for employees with a laptop, tablet or smartphone to minimize the risk of a security compromise while traveling.
  • Protect electronic data. Ensure that obsolete electronic records are protected as well. (Remember, all that data was somewhere else before it became electronic data. Protect that too.)
  • Create a culture of security. Train all employees on information security best practices... Explain why it's important, and conduct regular security audits (including TSCM) of your office to assess security performance.