Preventing a Data Breach

With the continued focus on recent data breaches, I thought it would be a good idea to discuss some of the prevention methods agencies can use to avoid a breach.

  1. Passwords – Creating a strong password is the first step in protecting your data, along with regularly scheduled password changes for your systems. Most carriers now require password updates every 60 to 90 days. When establishing your password, use at least eight characters with lowercase and uppercase letters, symbols, and numbers. Make sure you store your passwords in a safe and secure location (and not on a sticky note attached to your monitor!).
  2. Automatic Virus Prevention Updates – Most virus, malware and spyware protection software provides automatic updates. Every computer in your agency should have automatic updates turned on for its virus prevention software. Appoint someone in your agency to check this on a regular basis and make sure the renewals are paid on time.
  3. Encryption – Under most state data breach statutes, the loss or theft of an encrypted device does not constitute a data breach. Encrypting your laptops, USB devices and other mobile devices is essential to your data protection plan. Check with your local IT professional on the different encryption options available. Once your device is encrypted, make sure you store the password in a safe place and not on the device.
  4. Training – Every office should establish guidelines on how data is to be processed within and outside the office. Create procedures for collecting Personally Identifiable Information (PII) or Private Healthcare Information (PHI). Management should review your data collection and storage guidelines on a regular basis.
  5. Verify emails – We have probably all selected the wrong name on an outgoing email, only to find this out moments after hitting the send button. Most email software applications have a feature to delay the message by a few minutes before it is actually sent. This gives you time to discover your error and resolve the issue before you have a potential data breach. Be sure to double-check any email that contains PII or PHI before hitting the send button.

Implementation of these recommended solutions can help to tighten up your security and may even prevent a potential breach.  If you have any questions on any of these recommendations, please feel free to email me at grobertson@iianc.com.