Safeguard Your Information  – Herb Brychta, PSP, CISSP – AE Works, Manager, Security Risk Management

How much information about you can strangers freely access? How much access do you grant social networks to your personal information?  And do you have a contingency plan in place if a breach happens?

Data Privacy Day (January 28^th) encourages you to look at these details, ask these types of questions and to look after and protect your privacy.   Answering these questions is relevant to safeguard both your business and personal info.

Data breaches have affected some big organizations – Target, Home Depot, Ebay, the Office of Personnel Management, just to name a few.   It’s a safe assumption that you and yours have at least as much vulnerability as the above-mentioned organizations.  Without the resources of the federal government or a billion-dollar company, how do you secure your data?  And if a breach does happen, how do you recover?

First and foremost, accept that being hacked is a real threat that all types of organizations and individuals face in today’s increasingly digital world – and plan accordingly. Look at the type of information your organization retains on employees and customers.  Ask yourself the following questions:

• Does the company really need this information? If not – get rid of it.  Treat personal data like gasoline.  Use it for its intended purpose but otherwise don’t have it just sitting around.
• If you do need to retain personal data, are you complying with applicable privacy laws? If not, your organization is at additional risk.
• Finally, do you have a contingency plan for when you are breached? There are notification timelines that must be adhered to if you have a data breach that involves personal information.  There may also be legal ramifications.

See the following articles for additional information on protecting your data:

• https://www.bankinfosecurity.com/data-breach-lawsuits-fail-a-8213
• http://www.businessinsider.com/sc/data-breaches-cost-us-businesses-7-million-2017-4

Similar questions can be applied to your personal situation:

• Does this company I’m about to do business with really need this information? Ask why they need it and what they intend to do with it.
• Does this social media site really need my address and birthdate?
• What happens if I am hacked? Do you have proper safeguards in place with banks, email service providers, etc.?  Do you retain offline (or even paper) copies of important files?
• Most of all – please stop using your debit card for anything other than ATM withdrawals. The reasons for this can fill an entire article.

Stay tuned for more helpful info in future blog posts from AE Works’ Security Risk Manager!

For more information on AE Works’ Security Risk Management services and to see how we can help assess your facility vulnerabilities and protect what’s important:  https://ae-works.com/what/security-risk-management/

Interested in learning more about how a threat and vulnerability assessments of your facilities can benefit your organization?  Our team can be reached at aeworksinfo@ae-works.com