Data Breach Unsecured Warning Sign

New Data Breach Laws Mean More Trouble When You Get Hacked

Mar 23, 2018

The recent surge in cyber theft and hacking has everyone worried. With each new data breaches, consumers realize how vulnerable we are. After the Equifax hack of September 2017, state legislatures began proposing new Data Breach Laws that would tighten data security.

Data Breach Notification

For those working with an MSP, the burden often falls on them to increase security so that breaches simply don’t occur. Though this concept is good in theory, MSP’s sometimes struggle to find the right balance between convenience and stronger security for cyberspace.

New Proposed Legislation

The American Bankers Association believes that during 2018, at least half of all states will develop tougher data breach laws for the financial services industry. One of these bills receiving more attention originates in New York, the home of many prominent financial institutions. Experts believe the new bills being developed for New York could become a model for other financial providers. These bills could even affect federal laws.

The new legislation will be designed to stop the onslaught of huge, expensive data breaches, such as JP Morgan Chase, Sony Pictures, and Equifax. Many believe this type of legislation is way overdue.

The bill being developed by legislatures in New York is called the “Stop Hacks and Improve Data Security Act” (SHIELD Act). It will require that any organization that handles financial or sensitive information produce clear examples of its safeguards. It would also require all banks, credit reporting agencies, brokerages and insurance providers to develop better security measures. In addition, the new laws will apply to anyone who deals with consumers’ personal financial information.

The bill will contain phrases like “clear examples of safeguards” that force organizations to provide proof of their security measures. Many experts believe these “safeguards” might include all administrative, technical, and physical security measures taken by any company that deals with the private information of New Yorkers.

Though MSPs are already gearing up to offer higher levels of data security to their customers, the problem of data security falls back on each financial services company. Consumers are outraged when corporations the size of JP Morgan Chase and Equifax don’t take data security seriously enough. This outrage can spawn expensive lawsuits.

Keys to Success

Though MSPs will begin offering more robust data security plans, it’s important to remember that the burden falls back on each business. Nowadays, you simply can’t rely on a third-party vendor; the stakes are too high. Your company could be sued by anyone who loses their personal and banking info to hackers. For this reason, most businesses have a small team of IT pros on premises that communicate regularly with their MSP.

Your own IT department should be fully engaged with your MSP. They should understand exactly what security measures have been put in place and how this system is protecting your data. They should be involved in program upgrades. They can also work inside your business to organize monthly security briefings for employees.

Consider Hiring Security Experts

Though most MSPs offer a comprehensive group of security services to help protect your data from intrusion, many top banking and financial institutions are going one step further. They are hiring security experts whose only job is to ensure that all data is safe and secure from hackers. Companies that specialize in providing data security plans follow a strict regimen of protocols. They conduct regular security risk assessments. Their team will come out to your company regularly to train employees. And this is so important to your overall security plan.

Risky employee behavior is responsible for over half the data breaches. Every day in companies worldwide, employees make mistakes that could spell disaster. They commonly share passwords, ignore prompts to install patches, click on suspicious email links, and use weak passwords. Employees need better training to know and remember to utilize all company data breach policies.

Are You Doing Enough to Stop Hackers?

Though many MSPs are fully current on the policies and procedures for greater cybersecurity protection, it’s important to decide whether their security measures are strong enough. If your company handles the financial information or healthcare information of others, basic data security programs may not be enough.

Ransomware attacks are on the rise. Cyber thieves break into your system and hold your data hostage until you pay the ransom. Many company owners are unsure whether their data is safe from these attacks. The days when anti-virus programs and firewalls were adequate to protect data are over. Your company will require the highest level of protection to remain safe. Remember that cybercriminals never rest. They’re always looking for new ways to steal names, addresses, and banking information.

The Revolution in Technology

Today’s cloud technology allows everyone to take their work wherever they go. In addition, consumers can access that information on a laptop, phone, or iPad. Though all these new technological advancements are fun and convenient, they present a unique challenge for security experts. Regular security risk assessments can determine whether your employees are leaving important data right out in the open for criminals to find.

HIPAA guidelines require that a normal SRA include a basic inventory of where and how sensitive data is being used. These assessments are available for financial institutions as well. They are a great way to get the big picture about how sensitive data is transmitted, stored and accessed, whether using email, text messages or mobile devices. Most security experts believe a comprehensive Security Risk Assessment is a great place to start.

Better Documentation

Lastly, good, solid documentation of all security policies is required. All employees should know and understand their employer’s security policies and procedures. Each software upgrade should be documented.  Any events that might affect your organization’s data security should be documented as well. Any time an employee is terminated, your company should have a very specific procedure that it follows to prevent an angry employee from stealing data.

Changing the Way We Do Business

The new cybersecurity laws may change how we all do business daily. Though some of these laws will be cumbersome and inconvenient, the alternative is much worse. It’s important to remember that the new cybersecurity legislation is meant to protect us from hackers and data loss. Consumers want to return to feeling safe when they do business online. And that’s the goal of these new laws.

Whether you decide to select security experts who have the skills and tools to address all types of data breaches or continue on with your MSP, the game has to change to stop hacking and cyber crimes. Each employee should feel personally responsible for doing their best to protect data. Your MSP and IT department must work together to build the strongest fortress possible for your sensitive information.

About Trevor