April 27, 2012
Many of you, your companies, and your employees have been victims of hacking, been subject to computer viruses, or had your identity stolen. Perhaps your data or communications have found their way into unintended hands. For many of us, electronic devices and electronic media are our primary means of communication and storage. We are in a brave new world in which electronically stored information is not always afforded the appropriate level of protection. Most companies and employers maintain private, sensitive, confidential, and otherwise valuable information about the company, its employees, and its customers, and when that information gets into the wrong hands, the ramifications can be significant.
Employees who previously talked about work over a beer at the local pub are now posting, pinging, and iChatting. Employees may travel with smartphones, iPads, laptops, tablets, or perhaps flash drives that either contain critical data or serve as a gateway to your computer system. In addition to taking steps to minimize the risk, your business should have a plan in place if your data is compromised. This includes knowing where your sensitive data is stored, knowing who has access to it (and how), having a system that will alert you if there is a breach, being able to contain that breach, and knowing what your legal obligations are. One way to be prepared is to confer with your insurance broker ahead of time to determine whether to purchase an insurance policy that might limit your expenses and possible exposure if your data is compromised.
Your company’s data is at risk in many ways. Perhaps your employees are not setting passwords on their equipment, their passwords are easily broken, or their laptops have been lost or stolen. Perhaps flash drives are not being tracked or are not encrypted. Criminals may be taking advantage of open wireless networks, home computers used for business access, or tablets that are momentarily left unattended. A person who wants access will likely be able to get it, and this could mean access to many types of stored information, including customer contact and purchase history data, employee information, tax documents, business plans, home addresses, payroll numbers, and information that is simply embarrassing. You do not want to be known for permitting this type of information to fall into the wrong hands. Simple steps should be taken, such as requiring strong passwords, using thumbprint readers and security tokens, requiring employees to frequently change their passwords and to turn off their computers at night, using tracking devices, and being able to remotely wipe the data stored on equipment. Keeping a data storage inventory can also help minimize your risk. Ensuring that obsolete and broken equipment is handled appropriately is critical. Educating your workforce about the methods used by hackers to access their systems using viruses, spyware, and other techniques is also important.
Every day, companies get hacked and identities are stolen. It is an epidemic. A crisis management plan is critical, so be proactive before you get hacked. Atkinson, Andelson, Loya, Ruud & Romo’s Data Security and Privacy Team (DSPT) can help guide you through this brave new world and help you manage your data and privacy issues to best avoid litigation and a public relations nightmare. This is the first in a two-part series; the next DSPT Alert will address technology issues in the workplace.