By Terry Corbell
The Biz Coach
Cyber Security — 4 Strategies to Prepare Your Business
Updated Sept. 19, 2012
Yet another data-breach bill has been introduced in the U.S. Senate that would regulate how businesses behave – informing customers when their personal information has been stolen.
Businesses would have to tell victims the date of the security breach, what personal information was stolen, and how to contact the breach company for more information.
The bill covers driver’s license numbers, financial account information including credit and debit cards, and security codes. The penalty would be fines of as much as $500,000. The bill is stuck in a committee.
On behalf of himself and four other senators, Sen. Pat Toomey (R-Pa.) introduced the bill. The others: Sens. Olympia Snowe (Maine), Jim DeMint (S.C.), Roy Blunt (Mo.) and Dean Heller (Nev.). It’s called the Data Security and Breach Notification Act of 2012.
On a daily basis, there have been headlines about cyber crime, such as: “Senate Committee Approves Data Breach Bills Despite Heavy Opposition.”
Other data security and privacy bills were passed in the Senate Judiciary Committee in the face of vehement opposition from Republican members. The multiple bills will be merged into one bill for debate before the full Senate.
The proponents’ goal in Congress is to require companies and federal agencies to protect consumer data, and to pass a national-notification law for data-breach reporting.
Currently, there are a myriad of state laws controlling what businesses must do if their data is breached. Each state has its own requirements. Those laws would take a backseat to any federal law, unless the individual state laws require particular protections and programs to help victims.
Incredibly, Sen. Chuck Grassley (R-Iowa) maintains such an umbrella federal law would be overkill, and would unfairly burden small businesses. Even as a business-performance consultant for small to medium-size companies, I differ.
No one wants to see small businesses be hampered, but they need to pay the price of benefiting from such commerce. The right thing to do is to take proper precautions, and to communicate with customers if there’s any evidence of a data breach. And I’d want to consider the potential damage to a company’s reputation. Being lax in security is not acceptable. It’s a sales-opportunity cost.
As noted here before, cyber crime is a widespread nightmare, including medical breaches: “Why Many Healthcare Workers Are Responsible for Alarming Trend: Medical ID Theft.”
Indeed, consider another 2011 breach – the major personal breach of Tricare’s data by a vendor, Science Applications International Corp. It was the breach of unencrypted backup tapes – medical records of some 4.9 million military-personnel patients for the last 19 years. Data includes addresses, Social Security numbers, telephone numbers and more.
What? The company failed to encrypt the data?
Astonishingly, the vendor claims the risks are minimal because it would require additional insider information about the company’s software and hardware. I question such an assertion, too.
“A security breach is like a heart attack or stroke,” warns a nationally known cyber security expert, Dr. Stan Stahl.
“It’s often the things you do first that determine whether the patient lives or dies,” he says. “Doing these right things first depends on management having a clear understanding of the implications of their choices along with the information they need to choose between alternatives.”
He offers an example: “Do we put this server back into production right away because our people need to work on it or do we first preserve any evidence it might contain?” he asks.
He quotes President Dwight Eisenhower: “When going into battle, planning is essential but plans are worthless.”
Obviously, common sense is warranted.
While the Senate debates this vital issue, it’s important to take precautions:
- Be mindful of your state’s legal requirements.
- Make certain you’re using the latest security measures.
- Be prepared with a response strategy in the event of a breach.
- Tell your customers what you’re doing to solve the issue, and give them ample opportunity to get in touch with your company.
That’s the right thing to do.
From the Coach’s Corner, there are countless cyber-security tips in this portal’s Tech section, including:
- Security Precautions to Take Following Citibank’s Second Reported Online Breach
- Our Mobile-Banking Warnings about Security Prove Prophetic
“All violations of essential privacy are brutalizing.”
-Katharine Fullerton Gerould
Author Terry Corbell has written innumerable online business-enhancement articles, and is a business-performance consultant and profit professional.