In the wake of numerous high-profile cases of identity theft and sensitive data loss, many states have begun requiring businesses to meet certain standards for protecting personal information. These laws mandate that any business that stores personal information (Social Security numbers, bank account numbers, etc.) in electronic form must take reasonable steps to protect it. Massachusetts has been one of the more proactive states in this regard.
Following the much publicized data breach at TJX (disclosed in 2007), Massachusetts issued a statewide data security regulation in 2008 (201 CMR 17.00) that has had a wide-reaching effect on businesses of all types. Failure to comply with the law can lead to financial penalties and legal action. Businesses that had been lax about data security are now required to take the issue seriously and make an ongoing investment in maintaining and updating their IT.
It is important to understand that this law does not just affect businesses located within Massachusetts. Any company that stores or handles personal information about Massachusetts residents, whether as customers or as employees, must comply, regardless of where the company itself is based. Taken together with other data security regulations such as HIPAA and GLBA, it is more important than ever to take information security seriously.
Using IT to Stay Compliant with Privacy Laws
Your IT infrastructure is the surface that outside attackers target, but it can also be your best line of defense. Make sure you address the following concerns.
- Secure user authentication. You need to verify that whoever is accessing your data is who they claim to be and has permission to do so. That is why it is so important to have standards for creating user accounts and passwords, and the means to detect and lock out unauthorized users.
- Secure access control measures. Access to personal information must be restricted to those employees who need it to do their jobs, and no one else. Your IT systems can enforce this through access controls that keep unauthorized users away from sensitive records.
- Comprehensive encryption standards. Encrypting personal information when it travels across public networks or wireless connections prevents it from being read if it is intercepted. Your small business must have the technology and policies in place to ensure that encryption is applied comprehensively and consistently. These standards should also apply to data stored on laptops and other portable devices, which are easily lost or stolen.
- Monitoring capabilities. In the event of a security breach, it is important to know about it quickly. Your IT infrastructure must be able to detect unauthorized access or use of personal information and report it promptly.
- Firewall protections. Systems that hold personal information and connect to the Internet must sit behind a properly configured and consistently updated firewall. Keeping operating systems and applications current with security patches is part of the same protection.
- Antivirus and malware protection. The regulation requires that your IT assets be protected by reasonably up-to-date security software, including malware protection, with current definitions and patches.
- Employee education. Having a workforce that is educated in information security best practices and that understands your IT policies can help your business avoid some of the most common causes of data loss.
Noncompliance with the law is not the only reason to be concerned about IT security. The measures you take to protect your technology also protect your proprietary information, your financial records, and the confidence your customers have placed in you. Regardless of whether or not you are in Massachusetts, it is prudent to work with your IT service provider to keep your business as safe as possible. To learn more about using IT to avoid threats and maximize productivity, see our white paper "The Ultimate Small Business Guide to IT Outsourcing."