Last week US Congress began the process of making President Obama\u2019s State of the Union address, where he focused on ways to secure the nation\u2019s businesses and infrastructure in cyberspace, a reality.<\/p>\n
On Wednesday two House members reintroduced a bill requiring companies to meet a specific set of data security standards when handling customers\u2019 personal information.<\/p>\n
In the past, versions of the bill \u2014 known as Data Accountability and Trust Act (DATA) \u2014 have been introduced several times, with one measure approved in 2009. No versions of the bill have ever become law, however, and in 2014, renewed efforts to push it through the House went nowhere.<\/p>\n
The current proposal would deputize the Federal Trade Commission (FTC) to set nationwide data security standards for companies handling sensitive data, such as full names, Social Security numbers, ID information and credit card information. If this information was exposed by hackers, companies would have to notify the customers and the FTC. They could also face civil penalties of up to $5 million if they hadn\u2019t adhered to the commission\u2019s security standards.<\/p>\n
Despite mounting pressure on Congress to pass the bill following high-profile cyberattacks on major companies like Target, Home Depot and JPMorgan, US businesses still need to take voluntary action to protect themselves; legislation alone will not solve the problem.<\/p>\n
Stand up and be counted, or face punishment<\/strong> Unfortunately, many customers of these organizations still don\u2019t know where and how their data is being used by hackers, resulting in some taking legal action, as has been seen with Target. However, while I sympathize with those affected by any data breach, legal action should be the last resort because protecting sensitive data should be a simple and cost effective task.<\/p>\n Convenience not ignorance<\/strong> The simple fact is that anyone using a personal wireless device to access corporate data represents a security risk, given the high-level of user-convenience and low-level of security afforded by these devices. And if you factor in that many of the IT security guys within these companies feel that their advice is being ignored, you\u2019ve got the perfect conditions for a data breach.<\/p>\n Unfortunately this culture of convenience has led to widespread ignorance in terms of corporate data security. This, in part, has been driven from the top, with security policies being formulated around the CEO, or key executives, who want to be able to access a whole range of corporate data from their own personal devices. Sadly, even in light of the recent data breaches, there are many executives out there who still don\u2019t understand this risk.<\/p>\n Collaboration is key<\/strong> Also, this legislation shouldn\u2019t be used as a stick by IT departments to lock down data on a massive scale, especially denying remote and mobile access. Realistically, all departments \u2013 ranging from IT to HR \u2013 as well as external vendors need to work together to agree to a security policy which delivers the most effective working environment possible.<\/p>\n At the same time, all employees, from the board down, must accept that if they want the freedoms and benefits of working from home, or accessing email remotely on their own device, their access must and will be predicated by some degree of secure authentication, which in today\u2019s world, must go beyond a username and password approach.<\/p>\n Security is all about the long game<\/strong> Last week US Congress began the process of making President …<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[6],"tags":[],"class_list":["post-1","post","type-post","status-publish","format-standard","hentry","category-blog"],"acf":[],"yoast_head":"\n
\nFor too long many of these organizations have not publicly communicated with their customers. They choose not to tell them that their personal data has been stolen, instead letting the media break the story. Worse still, even when the media makes the world aware, they still maintain radio silence at a time when their customers are crying out for advice on how to limit the damage.<\/p>\n
\nThere\u2019s no doubt that our new hyper-connected world offers many benefits to businesses and consumers alike. But accessing data anywhere, anytime and on any device has weakened corporations IT security defences, and greatly contributed to the majority of the data breaches we\u2019ve seen in the past few years.<\/p>\n
\nAlthough I\u2019m in favour of the DATA proposal, I hope that any legislation will take into account the role \u2018human error\u2019 can play in some data breaches; I truly don\u2019t want to see businesses who\u2019ve put the right protocols in place, being unfairly punished when they\u2019ve been hacked.<\/p>\n
\nWhile some cynics may claim the DATA proposal is somewhat knee-jerk, the reality is the threat that hackers pose to consumers, corporations and governments is not one that can be dealt with easily or quickly. And it\u2019s this realisation that every one of us needs to take into account to ensure we operate happily and securely in this digital age.<\/p>\n","protected":false},"excerpt":{"rendered":"