Every week 12,000 laptops are lost in U.S. airports and almost 70% are never reclaimed.  Forty-seven percent of these laptops contain client, customer or consumer information and 65% have no protection for confidential or sensitive information.[1]

“That’s okay, we don’t take our laptops outside the office,” you say.  Recently Advocate Medical Group[2] was burglarized and laptops were stolen out of a conference room.  On those unencrypted laptops were twenty years of patient data, including Social Security numbers.  Net result?  Hell.  Four million patients were notified of the loss of their data, and then came the obligatory Health and Human Services investigation and, the cherry on top, a class action lawsuit!

Here are four things you should do now:

  • Create a data security policy.
  • Educate your employees on that policy.
  • Create a plan both for implementing the policy and for responding to a data breach.
  • Take a look at your insurance policy and decide if you need coverage for data breach.

The first step is the hardest, but it is for your own good.  Start with basic things.  Buy encrypted hard drives instead of unencrypted—I’m using one now and it’s not painful.  Use encrypted thumb drives.  Turn on the audit functions for your system.  Think about what you have online, get rid of the old stuff.  Change your passwords and use a real password (i.e. not “password”).  Think about who needs to have access, then turn off access for others.  A comprehensive policy and plan is a good thing, but at least take some steps to help your company.

As to the next step, create a contingency plan to respond to a data breach.  First, define what a data breach is in your industry.  How will you handle public relations and customer communications, and who is responsible for those issues?  What has to be done from a compliance/notice standpoint?  How much time do you have?  What law applies?  What is your budget?  Who is handling the legal issues?  Who is handling employee relations, if applicable, and the like?

While the above tidbits do not rise to the level of a “policy” or a “plan”, they are a good start.

[1]   This information is derived from a study commissioned by Dell Computers and may be found here:  http://www.dell.com/downloads/global/services/dell_lost_laptop_study.pdf
