This article, written by Kate Gluck and Paul Fuller of SIS and published by ACT, offers nine practical tips that agencies can follow to protect against data breaches, which can destroy an agency’s reputation and cost a lot of money to remedy. Some of the tips, like avoiding public Wi-Fi when possible and changing passwords often, are very easy to implement. Others, like setting up VPN security measures or TLS email encryption, will require a bit more work. Regardless, if you haven’t taken steps to protect your data, there is no better time than the present.
Benjamin Franklin once said that distrust and caution are the parents of security. The expression seems remarkably fresh and relevant in today’s world, especially when it comes to protecting sensitive client data.
In fact, this caution is becoming more and more necessary. In an age of highly portable data (and of increasing identity theft), independent agents have an ever-increasing responsibility to keep a lock on their client data. State and federal privacy and data breach notification laws and regulations (e.g., the Gramm-Leach-Bliley Act and the Health Insurance Portability and Accountability Act (HIPAA)) put pressure on you to keep your clients’ sensitive personal data safe. Even more important, if a data breach were to occur, your company’s reputation would take a nosedive.
In an attempt to simplify a complex area, this article will touch on nine things – some basic and some not-so-basic – that an agency can do to mitigate the risk of a data security breach.