All organizations, regardless of size or industry, have digital data to protect. This includes customer data, employee data, financial data, medical data, confidential business information, and intellectual property.
In the last year, the pandemic has forced many businesses to increase their electronic engagement with employees, customers, and suppliers, which has created a broader range of digital data susceptible to cyberthreats. Responding to a customer data breach can cost hundreds of thousands, if not millions, of dollars to address. The loss in brand confidence and reputation is incalculable.
What can businesses do? Develop a cybersecurity strategy to prevent breaches before they occur and contain them if they do.
What is data security?
Data security is the protection of digital information from unauthorized access, corruption or theft. A data security practice encompasses every aspect of securing information: physical security of storage devices, digital access controls, and organizational policies and procedures. Robust protocols secure information from outside threats, such as hacking, virus threats, fakesourcing, and phishing, as well as inside misuse and corruption. A strong data security policy employs protocols that are both technical (encryption, tokenization, data masking, redaction) and procedural (controlling access and retention of sensitive data).
Data security also implicates business obligations to protect customers’ private or confidential information as well as the business’s own proprietary information. For example, companies must handle in specific ways any identifying information about customers or website visitors it may obtain. Many laws and regulations create legal notice, use, and opt-out requirements for businesses in both regulated and non-regulated industries, often regardless of company size or revenue.
The pandemic has increased cybersecurity challenges. The Idaho Attorney General’s office reports that, since the beginning of the pandemic, phishing email scams are up 667%, 90% of the tens of thousands of new Coronavirus-related web domains are scams, and ransomware attacks have increased 72%.
What is the law?
Unfortunately, there is no single national law that creates a cybersecurity checklist. There are federal statutes, some general and some industry-specific; state laws that address privacy, data security, and data breach responses; and even international laws that affect many U.S. companies. For example:
To develop a data security protocol, companies should begin by evaluating several factors:
Other measures to consider include designating a security officer, conducting a risk assessment, implementing security protocols, continually monitoring your data security program, and creating privacy notices.
There are multiple sources online to assist your company in developing a cybersecurity strategy. For example, the National Institute of Standards and Technology created a Preliminary Cybersecurity Framework to help guide businesses develop a cybersecurity strategy. The State of Idaho maintains a website focused on helping Idahoans understand cybersecurity.
Cybersecurity strategies help businesses meet primary pandemic business concerns: maintaining revenue, strengthening customer relationships, preserving employee structures, and staying afloat. A strategic investment in cybersecurity is manageable and worth it.