Follow Kara Linkedin Twitter Facebook
Email Kara Email
Legal Issues
Mar 1, 2016

The Third Step To A Sound Cybersecurity Plan: Protecting Your Data

Sponsored Content provided by Kara Gansmann - Attorney, Cranfill Sumner & Hartzog LLP

In this series on crafting a cybersecurity plan for your business, the third aspect of a plan implements ways to protect the personal data gathered and used by your business. While the best protection of data depends on what kinds of data your business uses, protection involves four general areas: physical security, electronic security, personnel security, and contractor and vendor security. Use these guidelines to draft the protection component of your own cybersecurity plan.
 
Physical Security: The best defense here is essentially a locked door and written policies for access to personal data. Consider storing tangible items like papers, disks and jump drives in a locked file cabinet or locked room (or off-site storage facility), limiting access only to those employees who have a legitimate business need. Identify who has a key. Remind employees not to leave papers on their unattended desks. If you ship personal data, encrypt it and keep an inventory of what data is shipped. Secure items like PIN pads.
 
Electronic Security: This area includes password management, device security and Internet safety. Your written policy should require employees to use “strong” passwords that must be changed frequently and password-activated screen savers. It should also forbid the sharing of passwords and posting passwords at work stations. Change vendor-supplied default passwords for new software and equipment. Ensure your employees encrypt data sent digitally by e-mail or over public networks. Limit laptops and smartphone access to only those who need portability to perform their jobs. Use wiping programs to delete unneeded data on laptops. Require IT administrators to approve all downloads or changes to security settings, and regularly run anti-virus and anti-spyware programs. Consult your IT specialists for firewalls, security features of digital copiers, and an intrusion detection system.
 
Employee Security: With employees, it is imperative to not only draft employee policies for cybersecurity, but to also adhere and enforce those policies. Put your cybersecurity rules in employee handbooks. Ask employees to sign confidentiality agreements and security standards. Some employee policies implement protocols for responding to e-mails and telephone calls to avoid “phishing” scams. Require regular cybersecurity training for employees and update them with new risks and vulnerabilities.
 
Outside Vendor/Contractor Security: Your company’s security practices are only as successful as those who implement them. Carefully vet your company’s contractors and service providers by comparing their security practices to your own. In your contract with these providers, address specific security issues for the type of data the contractor will handle. Insist that they notify you of any security incidents even if data was not actually compromised.
 
By addressing these aspects of data protection, your cybersecurity plan will foster a heightened culture for security. But more so, a strong cybersecurity plan can serve to limit your liability in the event of an unfortunate data breach.
 
Kara Gansmann, a North Carolina native, is an associate in Cranfill Sumner & Hartzog LLP’s Wilmington office, where she focuses her litigation and appellate practice on various aspects of labor and employment law, business and contractual disputes, medical malpractice, and HOA matters. To contact Kara Gansmann, call (910) 777-6055 or email her at [email protected].
 

Other Posts from Kara Gansmann

Wbj insights revised 0510 121615113531
Ico insights

INSIGHTS

SPONSORS' CONTENT
Yasminheadshotwithlogo

Why Volunteer for a Nonprofit Board?

Yasmin Tomkinson - Cape Fear Literacy Council
Adamshay 300x300

Leadership Lessons From The Battleship

Adam Shay - Adam Shay CPA, PLLC
20170717 101554 1 72117112436

Make A Wise Investment In Your Child’s Future

Steve Adams - School of Learning Arts

Trending News

Local Airbnb Hosts Earned Nearly $11M In 2017

Cece Nunn - Jan 15, 2018

Business Community Remembers Beth Quinn, Co-founder Of She Rocks

Christina Haley O'Neal - Jan 17, 2018

Investor Buys Leland Industrial Park Property

Cece Nunn - Jan 15, 2018

Piano Bar And Lounge To Fill Aubriana's Downtown Spot

Cece Nunn - Jan 17, 2018

Made Mole Brewing Coming To Oleander Drive This Spring

Jessica Maurer - Jan 17, 2018

In The Current Issue

Two Local Firms Rank On Entrepreneur’s 360 List

Two companies with local ties made it on the Entrepreneur 360 list of the “Best Entrepreneurial Companies in America” for 2017....


MyBeeHyve Focuses On MLMs

Various network marketing companies – such as Avon, Thirty-One, Rodan + Fields and Mary Kay – attract a number of would-be entrepreneurs, es...


MADE: Making Inroads In A Medical Market

MADE in the Cape Fear: spotlighting goods manufactured in Southeastern North Carolina. Leland-based Lucid Innovative Technologies makes medi...

Book On Business

The 2017 WilmingtonBiz: Book on Business is an annual publication showcasing the Wilmington region as a center of business.

Order Your Copy Today!


Galleries

Videos

WilmingtonBiz Expo - Keynote Lunch with John Gizdic, CEO, New Hanover Regional Medical Center
Wilmington's Most Intriguing People of 2017
2017 Health Care Heroes