Ask Ali: How do I protect myself from the financial liability of keeping our customers’ data safe?

Q: How do I protect myself from the financial liability of keeping our customers’ data safe?

A: I am sure you know by now that without proper security measures (secure authentication, VPN, firewall, training, etc.), you are leaving the “virtual” front door of your business open for hackers to steal your Intellectual Property [IP] and your customers’ personal data. You may not know this, but the law clearly holds you, the business owner, liable for any and all data breaches, especially when you hold your customers’ data.

Now, what are the measures you could take to protect your company and yourself from the financial liability that comes with data breaches?

Encrypt your PII* (Personally Identifiable Information) at rest and in transit

PII includes your company’s own data as well as your customers’ sensitive data. Keeping that data encrypted at rest (on local disks and servers) and in transit (when it is moved from one location to another or sent via email) is crucial. There are many tools to help you achieve that.

Have an employee training policy around cyber security in general and the importance of protecting PII

Employees are always the weakest link in data protection.

Always know where the PII is stored

Remove unnecessary copies of the data that are no longer needed: old exports, data that has already been archived, etc…

Use a Password Management tool to store all your passwords

Never save your passwords in browsers. Never write them down on sticky notes. Never reuse the same password on different sites or applications. Never use simple or short passwords.

User Permissions

Familiarize yourself with the “Least Privilege” principle: give your users the bare minimum access necessary to perform their job. I have seen many cases where administrators have given “Admin” level access to everything, including shared files on servers, local machines, etc… This should be avoided at all costs. Start with minimum privilege and, if/when users require additional access, grant it!

Ex-employees Access

Have a solid procedure in place to remove access for employees who are no longer with the company. This includes access to any Line of Business application, whether local or in the cloud, email, shared files and even mobile devices.

Lock your device when away

Always lock your screen, or set up a screen saver that locks your computer. Make sure a password is required to unlock it.

Get E&O Insurance

E&O stands for Errors and Omissions; it is essentially liability insurance that protects you against losses due to negligence in protecting data that resulted in financial loss. It covers what traditional liability insurance does not.

*PII

The list includes, but is not limited to:

Social Security Number (SSN)
Bank Account number/Routing number
Driver’s License
Credit Card numbers
Passport Information
Name/Last name/Address
Patient Health Information
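Knowing where PII lives (the “Always know where the PII is stored” point above) starts with being able to find it. The following is an added example, not code from this column or from CEO Computers: a small Python scan that looks for two of the PII types in the list, dashed SSNs and payment card numbers, in text files, filters card candidates with the Luhn check so that order numbers and phone numbers are not reported, and masks every finding so the report itself does not become another copy of the PII. The regular expressions, the Finding fields and the sample file contents are all constructed for this example.

```python
"""Minimal PII discovery scan over text files (added example, not the column's
own tool). Pattern names, Finding fields and the sample data are constructed
for illustration."""
import re
from dataclasses import dataclass
from typing import Dict, List

# Deliberately narrow patterns: an SSN written as NNN-NN-NNNN with the
# reserved prefixes excluded, and a 13-16 digit card number whose groups
# may be separated by single spaces or dashes.
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,15}\d\b")


@dataclass
class Finding:
    """One masked PII hit: which file, which line, what kind, last four digits."""
    file: str
    line: int
    kind: str
    masked: str


def luhn_ok(digits: str) -> bool:
    """True if the digit string passes the Luhn checksum used by card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask(value: str) -> str:
    """Keep only the last four digits so the scan report does not leak PII."""
    digits = re.sub(r"\D", "", value)
    return "*" * (len(digits) - 4) + digits[-4:]


def scan_text(name: str, text: str) -> List[Finding]:
    """Scan one file's text and return masked findings, one per SSN or card hit."""
    findings: List[Finding] = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for m in SSN_RE.finditer(line):
            findings.append(Finding(name, lineno, "SSN", mask(m.group())))
        for m in CARD_RE.finditer(line):
            digits = re.sub(r"\D", "", m.group())
            # Luhn filters out most order numbers and other digit runs.
            if luhn_ok(digits):
                findings.append(Finding(name, lineno, "CARD", mask(m.group())))
    return findings


def scan_files(files: Dict[str, str]) -> List[Finding]:
    """Scan a mapping of file name -> file contents; in practice read from disk."""
    results: List[Finding] = []
    for name, text in files.items():
        results.extend(scan_text(name, text))
    return results


# Constructed sample data: the card number is a well-known test value and
# the SSN is a placeholder, neither belongs to a real person.
SAMPLE_FILES = {
    "exports/customers.csv": (
        "Customer export (constructed sample, not real data)\n"
        "Jane Doe, SSN 123-45-6789, card 4111 1111 1111 1111\n"
        "Order 1234567890123 shipped\n"
        "Phone 555-123-4567\n"
    ),
}


if __name__ == "__main__":
    for f in scan_files(SAMPLE_FILES):
        print(f"{f.file}:{f.line}: {f.kind} {f.masked}")
```

Run against the sample, the scan reports one SSN and one card number on line 2 of the export and stays silent on the order and phone lines. A real run would walk file shares and backup folders and feed each file to scan_text; the report of file and line numbers is what you then use to decide which copies to encrypt and which to delete.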

CEO Computers has been helping companies identify their risk areas and mitigate them. We are offering a one-time, FREE scan of your data for any PII that exists on your server and will give you a detailed report on the type of data being exposed and the potential liability amount. We will also show you different ways to protect it. If you have any additional questions you’d like answered, feel free to email me at: info@ceocomputers.com.

Stay safe and healthy everyone!