Please enter your email below to subscribe
In addition to legal costs, fines are also on the horizon for poor data security. As NetworkWorld reports, the government is increasingly imposing financial penalties on firms of all types and sizes that do not follow proper data security guidelines. The result is that the cost of implementing good data security decreases, and the potential cost of not having a good data loss prevention program in place increases.
Data must be protected at every resting place and throughout all means of transit. “At rest” data is data which is stored in a location such as a server in a data center or on a company laptop. Often, companies only encrypt data while it is in transit, so that criminals cannot intercept the data while it is transferred between parties and locations. “At rest” data encryption is often neglected, as was the case Hospice of North Idaho. An employee laptop containing data about 441 patients was stolen out of a car, meaning that the medical patient data on the laptop’s hard drive was completely accessible and vulnerable to anyone who had possession of the laptop. In this case, the Department of Health and Human Services chose to send a message by fining the small non-profit $50,000 for failing to encrypt the patient data on the hard drive, as is required by the Health Insurance Portability and Accountability Act (HIPAA). The message was clear: no one is exempt from legal regulations requiring the protection of sensitive data.
Using the experienced, non-biased eyes of an external party, not blinded by familiarity, is the best way to evaluate your security system and procedures. A company such as Hospice of North Idaho that has a lot of expertise in patient care is not necessarily going to have internal computer data security experts. Guidepost Solutions’ team of security experts can help your company conduct a thorough review of all your data security procedures and implement a program to ensure you comply with all government regulations.
Kenneth Citarella is senior managing director for the Investigations and Cyber Forensics practice at Guidepost Solutions LLC. He has more than 30 years of experience investigating and prosecuting white collar crime and computer crime.