Education remains perhaps one of the most crucial tools to combat the rising tide of data breaches, which is why, in a roundabout sort of way, a silver lining can be seen amidst the storm of recent major retailer breaches. How? The key word here is major. You’ve heard all the news in the past six months about companies like Target, Neiman Marcus, Michaels, and now even sites like eBay (not to mention the LinkedIn hack of 2012); these are stories you might not have heard in times past had they happened to smaller organizations. But breaches involving smaller organizations wouldn’t have led to 110 million Americans having their information compromised in the past 12 months, or 432 million accounts, according to a report created by Ponemon Institute and CNN Money. The more colossal the impact, the more the general populace is going to hear about it. In spite of the obvious damage done to those affected, shedding light on these issues is something sorely needed.
“We're never happy to hear about a security breach, but big headlines about data protection make it easier for IT professionals to educate their clients about the importance of maintaining strong security practices,” says Ted Devine, CEO of TechInsurance.
The chaos has even forced Congress to take notice of the issue, with Attorney General Eric Holder behind a recent push for changing the status quo on lackluster data notification laws across the country, to better notify consumers when their information has been compromised. Well, progress goes one step at a time.
Ultimately, though, yes: as I’ve said before, great importance should be placed on educating employees about a company’s security and privacy policies. Knowledge of who has access to what, what constitutes a breach, what actions to take if something is compromised, etc., is indispensable, especially since the number one concern healthcare providers have regarding those two facets is unauthorized data access by employees. If the recent high-profile data breaches lead to more organizations educating their staff, then perhaps it won’t all be for nothing, and we can gain a greater understanding towards effecting real change in how policy is approached.
Written by Jonathan Weicher
http://www.netlib.com/blog/application-security/Find-the-Silver-Lining.asp