Computer and software security includes strong passwords with ninety-day expiration, firewalls, anti-virus and anti-malware software, encryption, and monitoring of updates and patches. Physical security measures include safes, locked cabinets, shredders and surveillance. As crucial as it is to implement physical and computer security, it is just as critical to train employees on the procedures and the proper use of the provided tools. Ongoing security education and instruction will help to prevent careless mistakes that can lead to vulnerability and breach. Creating and maintaining an incident response plan, as well as informing employees of its existence, is significant. In the chaos of a data breach, a guide and list of steps will assist in the process.
It is also imperative to define security requirements upfront with vendors and other third-party service providers. It may be necessary to acquire outside services to uphold and maintain appropriate security measures to comply with certain state and federal regulations. Ensuring that the company maintains control of data at all times, especially with data storage or services, is …
Reputation, productivity, and profitability can all be negatively impacted in the aftermath of even a single incident. If a data breach results in actual identity theft or other financial loss, the offending organization may face fines or civil or criminal prosecution. If a breach does occur, it is important to immediately reference the incident-response plan. Time is of the essence; acting quickly can shut down further damage, whether caused by the offender or by noncompliance with state and/or federal regulations. Failure to act promptly could lead to both increased regulatory scrutiny and liability. The immediate goal is to minimize reputation damage and customer hardship; offering credit monitoring might help to prevent further damage to clients and restore a sense of