Businesses are increasingly tasked with processing more and more electronic information. This can be especially...
burdensome for small and medium-sized businesses (SMBs) because of their size and manpower. If their data protection strategies fail, they may be just one click away from disaster. It's a valid possibility that the organization could be held liable if personal data is disclosed to an unauthorized person. The business could also suffer the loss of customers, revenue and reputation.
Most organizations want to do the right thing and are interested in proper controls. Some may just feel overwhelmed by the day-to-day demands of business. A survey performed by CIO magazine found that 14% of respondents said their company had not taken any steps to protect customer information. If you are one of that 14%, take a look at these five basic steps to help get your data protection strategies off on a proactive footing:
- Review state and local laws: First examine any state or federal data protection laws that your organization may be subject to and make sure you are compliant. Some states, such as California, have strict privacy laws dictating businesses responsibilities while in position of customer information. More than 450 privacy-related bills have been introduced in state legislatures in just the last several years.
- Implement technology to protect the information: Make a solid data protection effort. Policies mean nothing unless organizations actually follow up and implement security controls. A commitment to data privacy means the organization has expended the funds necessary to adequately secure the data.
Customer data is a valuable corporate asset and as such deserves a sufficient level of protection. Customers expect steps to be taken to protect their personal information. In doing so, you are not only meeting expectations but also placing yourself ahead of the competition. If this is something that your organization has put off, now is the time.
Michael Gregg has been involved in IT and network security for more than 15 years. His current responsibilities include performing security assessments and evaluations for corporate and government entities. He has served as the developer of high-level security classes, contributed to several books and study guides and has taught classes for many fortune 500 companies. To comment on this story, email firstname.lastname@example.org.