With the headlines coming out seemingly daily about data breaches at companies, there’s a tendency to feel a bit overwhelmed with the problem.
And while a data breach regarding your employees is something that may not be as imminent as one involving credit cards, it still represents a major threat to your business.
This week, I have two presentations on the subject. But in case you can’t make it, here’s a sneak peek at four things you can do now before you have a data breach.
- Establish and implement a written data breach response policy. This policy will be more blueprint than policy. The best ones I’ve seen are in a spreadsheet format and identify a team of individuals designated in advance in case of a data breach, with roles and responsibilities clearly defined. Notably, you should also have outside IT consultants and a legal team identified.
- Conduct a review of your systems and data, and understand where your confidential information resides. You won’t know if you keep your data (particularly data regarding your employees) secure unless you figure out what you have and what protections are in place.
- Conduct regular risk assessments for your company, your contractors and vendors, and other business partners. Don’t just stop at figuring out where your data resides; understand where your data goes. If data is sent outside the company, is it encrypted when it is sent? For example, how is employee benefit information transmitted?
- Establish frequent privacy and security awareness trainings as part of an ongoing program. Telling employees about privacy policies when they start isn’t good enough anymore. Regular training and follow-up are needed to ensure that your employees don’t provide an easy back door for your data to exit from.
If you’re interested in the subject, I would recommend attendance at one of the two programs I’ll be at.
On Wednesday, I’ll be at the National Retail Federation’s HR Executive Summit in Chicago speaking at “Protecting Your Digital Secret Sauce” at 10:15 a.m. along with representatives from Walgreens and McDonald’s. Moderated by Miller Canfield’s Adam Forman, the program description is as follows:
High-profile credit card data breaches at several prominent retailers have recently made national headlines, impacting the retailers’ brand and shaking their customers’ confidence. Credit card data breaches, however, are only the tip of the iceberg. There are a whole host of related issues that are bubbling beneath the surface, many of which are within the direct control of your employees. This panel of industry experts will discuss these issues and identify practical steps to take should your organization’s data become compromised.
On Thursday, I’ll be at the joint program between Shipman & Goodwin and the Connecticut chapter of SHRM entitled “Raiders of the Data Ark: Data Privacy and Cybersecurity Summit.” There are still a few spots open for registration. Attendance is strong for this program, so please be sure to sign up today or tomorrow so we can lock in the space.