Your business could be at risk
Did you know that your business may be held responsible if your clients' sensitive identifying information is stolen from you? Depending on your industry, a variety of federal and state laws impose fines on companies whose customer files are breached.
Seems pretty unfair, right? If your company is the victim, how can you be the one held to blame?
With the volume of electronic transactions increasing dramatically, it is almost impossible to be in business and not collect or hold personally identifiable information (names and addresses, Social Security numbers, credit card numbers, or other account numbers) about your customers, employees, business partners, students, or patients. A breach of that information puts the people it describes at risk of identity theft, one of the fastest-growing crimes in America.
To encourage businesses to address the increasing risks, several federal and state laws have been enacted and new laws are currently being considered. Penalties range from fines of $100 per violation (which means for each individual record!) to loss of federal funding.
So what can you do to protect your data and your customers? Effective internal controls are key.
Hardware and software alone will not prevent data breaches; technology is just one piece of security. Effective internal controls, documented security procedures and proper training are just as critical. Protection plans should address four key elements:
- Physical security, including building and computer room controls. Who can get in, and when?
- Electronic security, including encryption and access controls. Who can read or change the data, and is that access logged?
- Employee training on security awareness.
- The security practices of contractors and service providers: data protection clauses in contracts, and ongoing monitoring that they are honored.
Breaches can happen and no program is infallible. But instituting a privacy and security program to protect personally identifiable information will help you manage your business privacy risks, protect your bottom line and identify the most cost-effective ways to protect sensitive information.
Jorge Rey, CISA, CISM, is a Cybersecurity & Compliance Principal at Kaufman Rossin, one of the Top 100 CPA and advisory firms in the U.S.