Posted In: Cybersecurity & Data Privacy
Corporate TIPS Blog: Our Top Five Cybersecurity Tips for 2020
on December 18, 2019
Disruptive Innovation—two words that should remain top of mind as you plan your company’s cybersecurity for 2020. In the business technology world, namely in data privacy and security, we have been all over the map between the United States and the European Union. At home, we’ve had to contend with the nuances of the California Consumer Protection Act (CCPA) and the Ohio Data Protection Act (ODPA). Abroad, the focus has been on the reach of the EU’s General Data Protection Regulation (GDPR). In the health care technology sector, the Office of Inspector General saw the highest number of HIPAA breaches in its history this year. It is safe to say that between credit card theft and the data privacy concerns surrounding Facebook, Google, and other social media platforms, nearly everyone has data privacy and security on their radar. Thanks to innovation, many new products and solutions create a DIY environment with simple user interfaces. But smarter, more sophisticated hacker organizations are beating us at this game, so we have to get more creative and more disruptive to responsibly manage our business data.
Here are TIPS to consider in your 2020 plans:
- Don’t Bury Your Head In The Sand. Many companies believe that CCPA and GDPR do not apply to them because they do not do business in California or overseas. However, before your business makes that claim, be sure to check with your IT and legal counsel to ensure that is true. Website traffic, even if not intended for California or EU citizens, can subject you to either or both of these laws. ODPA provides an affirmative defense if you voluntarily choose to comply – don’t leave this valuable liability limitation tool standing on the sideline.
- Do A Security Risk Assessment. Work with your IT personnel to perform a general assessment on your customer data. It may seem tedious and moot, but without knowing where you are today, you cannot ensure you are as protected as you need to be. Answer questions such as: Which applications store customer data? Where are your servers located? Do you have appropriate network security to ensure that someone in your parking lot is not getting onto your Wi-Fi without permission?
- Assemble Your Team. Start by gathering a team of key people including IT professionals, legal counsel, public relations, accounting, and other top-level management. In our August blog post, “’Seal Team Fix’: Who’s on Your Cybersecurity Task Force?”, we listed the essential team members you should consider. Perhaps that list is shorter in a smaller company. Nonetheless, schedule regular meetings and make sure each team member understands their role in your company’s cybersecurity plan.
- Educate Your Employees. Oftentimes security breaches are caused by well-meaning employees trying to do their jobs. Teach your employees how to spot a phishing email and how to respond. Test them periodically to ensure appropriate responses and use those opportunities to educate.
- Create An Incident Response Plan. This does not have to be long and detailed, but you need a plan. At the least, have a readily available list of your key support team members that includes legal, IT, financial institutions, top-level executives, and others. Preferably, keep that list somewhere other than your servers, which may be locked down.
Our Corporate Practice Group can help your company develop a plan, be a part of the process and verification, as well as partner to coordinate your data privacy and security needs, among many other business services. If you would like more information, please contact us.
This blog is intended to provide information generally and to identify general legal requirements. It is not intended as a form of, or as a substitute for legal advice. Such advice should always come from in-house or retained counsel. Moreover, if this Blog in any way seems to contradict advice of counsel, counsel's opinion should control over anything written herein. No attorney client relationship is created or implied by this Blog. © 2024 Brouse McDowell. All rights reserved.