We’ve all read the news about data breaches. The financial consequences and reputation damage have been widely reported. As the ones who watch over the company’s financial performance, controllers and CFOs must manage all components that impact the bottom line and that includes corporate data.
5 Practical Steps
Security industry experts state that data breaches are unavoidable. It’s not a question of “if” companies will become victims of a data breach, but “when.” However, there are five practical steps a business can take to help protect against data breaches and mitigate the potential harm in the event of a breach.
- Perform an inventory
It is critical to inventory the locations that store personally identifiable information (PII). PII is defined as information that can be used on its own or with other information to identify, a specific person. Determine which PII your business requires, what data is collected, how the data is secured and who has access to the data and under what circumstances. Basically – you can’t protect what you don’t know you have.
- Encrypt computers
It is a best practice to encrypt all laptops and publicly accessible desktop computers. Encryption doesn’t prevent intrusion, but it does make the data unreadable and unusable by an intruder. Encryption software is affordable and highly effective in protecting data. Consider using a data encryption method that is FIPS certified (Federal Information Processing Standard), which means it has been certified for compliance with federal government security protocols.
- Implement an intrusion detection system
An intrusion detection system is a device or application that monitors network activities for malicious activity. Intrusion detection is very different from intrusion prevention, which is handled mostly by firewalls and login credentials.
- Develop a data breach response plan
The plan should document the names of the response team members, including outside vendors such as the attorney, forensic accounting and/or IT security firm and insurance broker. The plan should also document the steps to assess the scope of the breach, and establish guidelines for notification.
- Train your staff
Expand staff training to include the appropriate use of your computer systems, assessing and transferring data, safe web browsing rules, and how to identify threats such as phishing. Ensure that all staff are trained to recognize suspicious activity and that they are familiar with the company’s data security plan.
A data breach can have consequences that include not only the direct costs for attorneys and forensic experts, but also the indirect costs resulting in the loss of customers and damage to your brand. Take action now to secure your important data and mitigate the potential harm in the event of a breach.
Julie Eisenhauer and Peter Henley will delve further into this topic during their education session, “What are the Controller’s and CFO’s Roles in Data Security?” at the 2015 Annual Convention & Tradeshow. Their session will be on Friday, October 23 at 3:30 p.m.
Julie Eisenhauer is an audit and assurance shareholder at Clark Nuber PS. jeisenhauer@clarknuber.com, @EisenhauerJulie. Peter Henley is a senior director of IT at Clark Nuber PS. phenley@clarknuber.com, @peterhenley.
