No organization can afford the risk of inadequate data protection. Protecting sensitive data should be a top priority for businesses, because a data breach is not only very expensive but can also result in embarrassment and additional scrutiny. It is therefore important to take a proactive approach to preventing breaches rather than merely reacting to breach incidents. Brian Dean, an adviser at DataBreachToday and a senior HIPAA and privacy consultant, offers eight key steps that help prevent breaches by minimizing risk:
- Minimize the Amount of Data Collected. Challenge the rationale for collecting each piece of data, since organizations often collect data without the consumer's knowledge. Only data that adds value to the business should be collected.
- Retain Minimal Data. Data storage is not always cheap, and the cost of retaining data goes well beyond storage to include backup, security, and breach resolution. Every business should therefore have a data retention policy that clearly supports business objectives and uses a logical framework to limit both the amount of data retained and how long it is kept.
- Maintain a Data Inventory. Every team in an organization holds data in different forms and in different applications or devices. It is therefore essential to maintain a current business data flow diagram that also captures the flow of data to vendors. A data inventory that documents the business process data flow is a prerequisite for this.
- Set Up a Granular Access Control Model. Organizations may already have some means of controlling access to data, but what matters is that access is granular enough to match legitimate business need. Closely monitoring access control is essential to protect information.
- Implement a Vendor Management Program. Many businesses use vendors to process large amounts of sensitive data. A vendor management program ensures that proper controls are in place, mitigates risk, and provides due diligence when appropriate.
- Restrict Mobility of Data. Sensitive information is often stored on USB drives, CDs, portable hard drives, smartphones, laptops, and other mobile devices, which increases the risk of a breach. Limiting the amount of data that can be copied to mobile devices effectively mitigates this risk, and encrypting the data that is copied is also essential to minimize the possibility of a breach.
- Avoid Use of Production Data in Test Systems. Considerable expenditure goes into data protection technology for the production environment, yet development teams copy production data into test systems that have minimal or no controls. This should be avoided.
- Have an Incident Response Program (IRP) in Place. Businesses experience breaches every year, and these incidents often go unreported because the organization lacks a mature and effective security program. An IRP is critical to ensure that breaches are recorded, reported, managed, and remediated in a timely fashion.
While the precautionary steps suggested by Dean can greatly minimize risks and associated costs, platforms like Aegify Security Posture Management and Aegify SecureGRC can also prove valuable in ensuring information security, as they come with a built-in incident response program and comprehensive frameworks for security and compliance management.