Follow Kara Linkedin Twitter Facebook
Email Kara Email
Legal Issues
Jan 1, 2016

Five Keys To Crafting A Cybersecurity Policy For Your Business

Sponsored Content provided by Kara Gansmann - Attorney, Cranfill Sumner & Hartzog LLP

The New Year – and particularly 2016 – is a perfect time to review your company’s cybersecurity policies and make necessary changes. From governmental entities, to nonprofits who collect donations by credit card, to the health care industry’s collection of health data, to employers who store employees’ social security numbers, and to hotels and resorts that collect traveler data, nearly all businesses are susceptible to liability resulting from a data breach.
 
The list below outlines the five key precepts of a cybersecurity plan, and is a good starting point for you to use in reviewing, updating or even drafting a cybersecurity policy for your business.

  1. Know the location and kinds of data you collect and possess. Inventory all of your company’s devices and equipment to learn where your company stores sensitive data. Assess all of the different kinds of data in your possession. Know the source of the data, as well as who has access to it. It is imperative to both know and follow the laws governing receipt, security and storage of data.
     
  2. Collect only data that is necessary to your business needs. Maintain and collect only the data necessary to conduct your business. Check the default settings on your software that processes transactions because sometimes software is preset to permanently store information. If you must keep sensitive information for business reasons or to comply with the law, develop a written records retention policy to identify what information to keep, how to secure it, how long to keep it, and how to securely dispose of it.
     
  3. Protect the data. The kind of protection necessary for securing sensitive data turns on the type of information it is and how it’s stored. Physical protection ranges from locks to limiting access to data or even securing devices like PIN pads. Electronic security includes encryption, firewalls, monitoring the network for malware, limiting third-party connections to the network, and changing default settings on devices. Develop employee policies for passwords, mobile devices and digital copiers.
     
  4. Purge unneeded data. Identify reasonable and lawful disposal methods based on the sensitivity of the data.
     
  5. Create a response plan for a security breach. Create a “breach response plan,” investigating what data was compromised, ending vulnerabilities, and notifying those affected by the breach. Recent North Carolina legislation requires notifying consumers and the attorney general if personal information has been compromised in a security breach.
While each industry may be subject to other specific data laws and requirements, these five precepts apply generally to every business’s cybersecurity policy.
 
Kara Gansmann, a North Carolina native, is an associate in Cranfill Sumner & Hartzog LLP’s Wilmington office, where she focuses her litigation and appellate practice on various aspects of labor and employment law, business and contractual disputes, medical malpractice, and HOA matters. To contact Kara Gansmann, call (910) 777-6055 or email her at [email protected].  

Other Posts from Kara Gansmann

Wbj insights revised 0510 121615113531
Ico insights

INSIGHTS

SPONSORS' CONTENT
Swainboardf19 walsh 5212033948

Turning Crisis Into Opportunity

Richard Walsh - Swain Center for Executive Education & Economic Development
Carolinemontgomery4

The Incentive Stock Option Tax Trap

Caroline Montgomery - Adam Shay CPA, PLLC
Mike stonestreet 300x300

Communicating In A Crisis: Part 1 – Defining A Crisis And Preparing Communication

Mike Stonestreet - CAMS (Community Association Management Services)

Trending News

For $100M Waterfront Project, Construction Begins

Cece Nunn - Aug 10, 2020

Developers Plan $8.5M Spec Building In First Construction At Brunswick Megasite

Christina Haley O'Neal - Aug 11, 2020

Hendrick Acquires Auto Dealership From Neuwirth Motors, Completes Moves

Cece Nunn - Aug 11, 2020

Private Preschool Opening Wilmington Location

Cece Nunn - Aug 11, 2020

Home Sales Jump 34% In July, Realtors Report

Cece Nunn - Aug 10, 2020

In The Current Issue

Major Project Would Impact Southport

The developer of River Place in downtown Wilmington is partnering with Bald Head Island Limited on a nearly 400-acre development dubbed Proj...


Dosher Foundation Gets Golden LEAF Grant

Dosher Memorial Hospital Foundation received $378,000 from the Golden LEAF Foundation for an on-site well water system at the Southport hosp...


NHRMC Programs Receive Several Accolades

Several New Hanover Regional Medical Center departments and providers recently garnered state and national accolades for their work....

Book On Business

The 2020 WilmingtonBiz: Book on Business is an annual publication showcasing the Wilmington region as a center of business.

Order Your Copy Today!


Galleries

Videos

2020 Leadership Accelerator: Virtual Workshops for Real Leaders
2019 Health Care Heroes
August 26, 2019 Power Breakfast: A Healthy Sale?
2019 WilmingtonBiz Expo Keynote Lunch - CEO, nCino, Pierre Naude`