The increased use of personal computers, laptops and certainly smart phones and touch pads has increased the risk associated with an unauthorized disclosure of confidential information by companies today. Companies are increasingly susceptible to liabiltiy lawsuits and state mandated notifications and investigations as it relates to such confidential information. According to the Lulz organization a well-known cyber hacker “We recently broke into SonyPictures.com and compromised over 1,000,000 users’ personal information, including passwords, email addresses, home addresses, dates of birth, and all Sony opt-in data associated with their accounts,” See Hackers Claim New Sony Cyber attack . If a company with the security, funds and technology as Sony can be hacked, are the rest of us really safe. It is estimated that that attack which shut down the PlayStation cost Sony almost $200 million dollars. The best that a company can do is have policies and procedures in place and properly insure the risk. A few suggestions are relating to protecting your company’s assets are as follows:
1. Develop of digital media policy. This needs to be a written policy that not only address such items as server access, but also addresses the use of laptops, smartphones, touch pads, and even jump sticks, mobile hard drives or copiers.
2. Obtain encryption software for all mobile devices, including cell phones. You can obtain fairly inexpensive software that will encrypt your mobile devices and even allow you to format or clear a hard drive remotely in the event a device is lost or stolen.
3. Use passwords that are harder to break. In general passwords should be at least 8 characters and have combinations of upper and lower case and alpha and numeric digits. Please note that any password can be hacked, however, you would like to make it as hard as possible.
4. All computers should have a screen saver password. All machines should have an opening screen password. If you have encryption software, it will prompt for a secondary password as well.
5. Destroy all hard drives after use. Most people recycle computers (as they should) after they reach their useful life. You should remove all hard drives and destroy them. This includes copiers, since they have their own hard drives and are often the subject of violations of privacy disclosure.
6. Obtain a cyber-risk insurance policy. These policies help protect a company in the event they have liability associated with an unauthorized attack or disclosure and can help offset costs associated with notifications, credit monitoring and image consulting. For a more comprehensive understanding of this risk, please visit www.axisins.com or call 201-847-9175