Why is data security important?
People have an inherent sense that data security is important, but when asked why, they never have a concrete answer. If you can’t clearly show why it is important, there is no way to determine how much of your time and effort should go toward protecting it.
There are two distinct reasons for data security. The first is that data security is important to your customers and employees in order to prevent identity theft. While there is not enough data to provide a definitive value on the cost of identity theft, if you are the source of the information that was used to commit identity theft, then you can face the loss of those customers, loss of your reputation and potential lawsuits. The second reason is the direct cost to your company. This comes both from fraud (identity theft is fraud that has to happen somewhere) and from the cost to clean up losses.
When we say data security, what do we mean?
When we talk about data security, we include the protection of sensitive information, data privacy and fraud prevention. Sensitive information can be personally identifiable information, personal health information, intellectual property or any other type of information that, in a given context, could be used to commit identity theft or fraud, or could be damaging to the company if it were lost, stolen or otherwise made available. This covers not just electronic information, but paper or any other form that it may take.
Why do we combine fraud prevention and privacy with data security?
Privacy is included because keeping information private is a critical part of keeping information safe. We include fraud prevention because most information, if it can’t be used, is useless. Also, all of the requirements that drive the protection of data include an intention to prevent fraud. And finally, preventing fraud is just good business.
Why do we say that EVERY business has a responsibility to protect sensitive data?
Not only are there laws that require it of every business, regardless of industry or size, but your contracts require it as well. Virtually every contract you have requires you to keep any sensitive information associated with the contract confidential.
What this means is that you, by your own hand, have required yourself to have a program that meets reasonable industry standards for protecting this sensitive information.
Isn’t data security only a problem for big businesses?
Short answer - NO! Every law, regulation or standard that governs data security specifically is written to include ALL businesses, regardless of size. The only caveat that helps small businesses is that these requirements allow you to have a program that matches the size, nature and complexity of your business. This doesn’t mean that you can skip sections of a security program, just that you may not have to do as much for a particular area.
All the news seems to be about big companies and high-tech hackers. Why should this concern me?
The news highlights big business and high-tech hacking because the truth isn’t nearly as sexy. 80% of all data losses have a root cause of employee error. Employee errors happen everywhere. And if you aren’t prepared, your business may not survive. 60% of small businesses that suffer a loss are gone within 6 months.