Litigation and expense demand breach avoidance

by Charles Leaver

November 11, 2014


While most organizations do not need to be reminded of the threat that a data breach poses to their business, lawmakers are currently working to develop more thorough data breach notification laws. This puts more emphasis on something most companies already knew: they need to tighten their security and protect their files from being stolen. To develop a system capable of shielding them from the many potential attacks, companies should educate their employees, deploy state-of-the-art technology, and encrypt whatever sensitive data is stored on their servers. With the added scrutiny of an increasingly security-conscious public, it is likely that there will be many more reasons for organizations to protect themselves from breaches.

Even those within industries that have been hit are interested in standardizing the laws surrounding data breaches. According to The Hill, there is "a general consensus that federal standards are needed on data breach notifications." This is important because many organizations currently report breaches without any sort of standard protocol, which can create incentives to hide breaches or underreport the damage incurred in order to stay competitive with others within their industries.

How to stop a breach
There are a couple of different procedures that companies should follow when trying to keep their data private. Ronn Torossian, a PR executive of 5W Public Relations, has a list of advice laid out for organizations that do not want to be targeted by hackers. His rules boil down to a few basic points, including advocacy for the use of state-of-the-art security technology, encryption, and changing company passwords. These are good places to start, but what is the latest in privacy technology?

For an enterprise to be secured to a reasonable level, it should use encryption and antivirus and anti-malware scanners, and be protected by endpoint threat detection and response software as well as a firewall. Together, these four elements can make an environment about as secure as it can be made within reasonable expectations. Several different kinds of security are necessary here because no single element of security can defend a system as effectively as many working together. This isn't due to any inherent weakness within a given piece of software, but rather to the fact that different tools are built to counter specific methods of intrusion.

Similarly, keeping employee passwords rotating is merely one element of proper security protocol that workers within businesses should understand. The passwords need to be not only rotated, but also strong. This means that they should include alphanumeric characters as well as special characters, and employees should be given the option to make their passwords as long as they want. Password security is hugely important for anyone working with sensitive information, like those in the oil and finance industries, because of the potential damage that can ensue if hackers gain access to any employee login portal. Using other methods for on-premises security, like optical scanners, can also be very important for keeping unwanted physical intruders from entering secure areas. Deciding when and how to deal with these issues is one of the major dilemmas of modern business, and for many organizations, finding the best way to take care of this will be a matter of trial and error.