Spindustry Blog

FTC Can Now Sue Companies for Lax Online Security Practices - What You Need to Do Now

Posted by Jessica Plunkett on September 9, 2015
Find me on:

In case you missed the latest digital security news – and you can’t really afford to miss this one – the United States Third Circuit Court of Appeals has ruled that the Federal Trade Commission can sue companies for lax online security practices. The specific case involved Wyndham Hotels and their “unfair cybersecurity practices, that ‘taken together, unreasonably and unnecessarily exposed consumers’ personal data to unauthorized access and theft.’” Read the full story here.

Can your company afford to be sued by the FTC because you didn’t take full precautionary measures in collecting and storing consumers’ personal information? We asked Joel Weichman, our Director of Technical Services, to share three tips on what every company should stop and do right now to evaluate their digital security practices.

  1. Analyze the data you’re collecting.

Analyze the data you’re collecting to determine if there is personal data that should be encrypted at rest (PII) or if there is data that does not need to be stored anymore. Know where your data is and how securely the data should be stored – this is an important first step to minimize exposure if or when you have a breach.

  1. Don’t think you’re exempt from a breach. Plan ahead.

Don’t underestimate the possibility of having a data breach. It can happen to anyone. With the right upfront planning and the necessary programming – which does require additional time and budget – your investment can save you far more than the cost of having to correct it after the fact. Each “record” that is lost in a breach can cost a company more than $180 per record. Those costs involve investigation of the breach and process used, correcting the attack vector, monitoring those affected by the breach, company crisis management – and now FTC fines.

  1. Conduct security education with your staff.

Security is not a “one and done” process. It must be monitored and updated continuously. New attack vectors, phishing scams and vulnerabilities are being found every day. Employees are the easiest targets for getting information and the weakest links in the defense of your data. Regular security education is a must to keep them informed of the latest threats and protection opportunities.

Act Now

If you haven’t evaluated your security practices in the past few months, you need to make it a priority. Focus on evaluating your current processes and implementing preventative measures. Equally important, develop a plan for when a security breach occurs. You don’t want a delay in handling the situation, which can cause additional problems including more money to fix it and a damaged reputation.

If you’d like assistance evaluating your current security practices or developing a security education program for your staff, contact our team.

 

Topics: network security