Data Security – The Secret To A Good Night's Sleep
“U.S. employee data breach tied to Chinese intelligence” and “I.R.S. Data Breach May Be Sign of More Personalized Schemes.” These headlines could make you believe that someone stealing your clients’ data is inevitable. The scary thing is, it’s not the hackers that are the largest source of data breaches. The 2015 Cost of Data Breach Study by the Ponemon Institute, a data-protection think tank, indicates that two-thirds of all global data breaches stemmed from human error and internal system problems. That’s a statistic that will certainly cause anyone responsible for the integrity of client data to lose sleep.
“The bottom line is that it isn’t just an IT problem,” says Hillary Kelbick, President of MKP communications inc., “it’s every team member’s concern, regardless of whether you are a small marketing firm with 15 employees like MKP, or a multinational corporation with thousands of employees.”
Kelbick goes on to say, “companies have to approach the challenge from two directions; implement the best technology they can afford to safeguard client data, and ensure their employees understand their responsibility to keep all clients’ data safe and act to minimize risk.”
Businesses need to develop and implement policies and procedures that reduce the possibility that human error will cause Non-Public Information (NPI) to fall into the wrong hands. The fact that employees are constantly on the go and need to remain plugged in increases the risks of NPI being compromised and the corresponding importance of having policies and procedures in place to mitigate the risk.
As an example, MKP has implemented a robust Information Security Policy that is reviewed and updated regularly to ensure that it incorporates the latest security standards. The policy:
- Defines the roles and responsibilities of all team members,
- Outlines operational workflows for receiving customer data via a secure SFTP site,
- Provides a comprehensive overview of the office’s physical security,
- Articulates data asset classification and corresponding procedures for storage and maintaining data security.
“Because we work primarily with financial institutions that are regulated by the Gramm-Leach-Bliley Act, we base our privacy & security policies on the ‘Financial Institutions and Customer Information: Complying with the Safeguards Rule’ as outlined in the GLB Act,” says David Gaull, Director of Operations. For companies that are regulated by the GLBA, noncompliance could result in:
- Civil monetary fines of varying amounts up to $1 million or more,
- Prison sentences of up to five years,
- Lower examination ratings and increased reporting requirements, and
- Enforcement actions, which can include board resolutions, memorandums of understanding, written agreements, and cease and desist orders.
Every member of the MKP team understands that client data is sacred and works to safeguard it. NPI is only accessed via secure servers and is never accessed from a mobile device. If there is a need to download NPI onto an employee’s computer, it is digitally shredded using a US DOD-compliant 7-way random write procedure when no longer needed. “Keeping clients’ data secure is of the utmost importance for all team members. We want to sleep soundly at night and that is only possible knowing that we have done our best to ensure the security of our client’s data,” says Gaull.
MKP communications inc. is a New York City-based communications company that delivers spot-on strategy, smart, fresh creative, combined with flawless execution, for financial services clients.