Home Back Issues July/August 2013 Time to make security a business priority

Time to make security a business priority

| Print |  Email
Articles - July/August 2013
Monday, July 08, 2013

BY SHAWN M. LINDSAY

As a business, do you ever handle or use a client’s credit card number or social security number? How about a client’s financial documents, date of birth, driver’s license number, medical records or any other sensitive personal information? If none of these, maybe your website collects information from children under the age of 13, or maybe you have a smartphone app that uses location services? For most of you, the answer will be yes, and the manner in which you handle the information is serious business.

Information privacy and data security issues involve nearly every facet of a business. With the rapid development of digital and information technology, businesses of every size now collect, process and warehouse all sorts of personal information with a variety of technologies, from USB drives to tablets to the cloud. The laws and regulations that govern the handling of personal information are numerous, complex, vary by location and are constantly changing. If a business does not take appropriate care to protect against prohibited access to or loss of personal information, it can be subjected to significant fines and, more important, considerable damage to its reputation.

A few recent examples illustrate the exposure to risk. In February of this year, while on vacation in Hawaii, a hospital surgeon had his laptop — containing personal health information of approximately 4,000 patients — taken during a burglary. The hospital involved offered patients free identity theft monitoring, among other things. This past March, the online note-taking servicer Evernote was hacked, and all of its 50 million users needed to reset their passwords. And late this spring, the Utah Department of Technology Services revealed that 780,000 individuals were affected by the theft of Medicaid information, including social security numbers. Utah had to send a report to the U.S. Department of Health and Human Services to assess potential violations of HIPAA.

Big businesses are not the only ones experiencing technology breaches. Breaches have recently occurred with small dental and medical offices, grocery stores and online retail stores. As a business, what can you do to protect your clients’ confidential information and reduce your potential liability? You can promote prevention, detection and correction.

Interestingly, most data breaches are caused by mundane events like employees losing a USB drive or smartphone, or unwittingly misusing the Internet. One way you can promote prevention is by educating employees. Negligent employees are the top cause of loss. Privacy and security risk is no longer just an IT department problem; it is everyone’s problem. Empower employees to take responsibility for the security processes in place. You can do that yourself, or there are partners that can help you do it. For example, Swan Island Networks offers a solution, Cybero, which provides employees with real-time alerts about the latest social engineering exploits, social media activism and manufactured scams.

You can promote detection by evaluating your risks and improving your compliance. You can do this yourself, or you can partner with experts to assist. For example, ID Experts is a Portland company that can conduct a compliance assessment, a penetration test, a security-risk analysis and an incident response test. With this information, you can then promote correction by formulating a comprehensive remediation plan.

What’s most important is to have a privacy and security team in place. When dealing with privacy and security risks, there is no margin for error. So get that team in place and make sure privacy and security is a priority. It’s always better to build a fence on top of the hill then have an ambulance at the bottom of the hill.

0713 InformationSecurityShawn M. Lindsay is counsel to the firm at Lane Powell and co-chair of the firm’s Privacy and Security Practice Group. He can be reached at 503-778-2124 or This e-mail address is being protected from spambots. You need JavaScript enabled to view it .

 

More Articles

Trends in business succession

News
Thursday, July 03, 2014
TrendsBY TED AUSTIN & MIKE BAELE | GUEST CONTRIBUTORS

The Office of Economic Analysis announced that Oregon is currently enjoying the strongest job growth since 2006. While this resurgence has been welcome, the lingering effects of the 2008 “Great Recession” continues to affect Oregon businesses, especially with regard to estate planning and business succession.


Read more...

Oversight? Or gaming the system?

News
Monday, July 14, 2014
AmazonBY VIVIAN MCINERNY | OB BLOGGER

Some people think Amazon’s winking eye logo is starting to look like a hoodwink.


Read more...

Salvage operation

June 2014
Thursday, May 29, 2014
BY JONATHAN FROCHTZWAJG

For Far West Fibers, one of Oregon's largest and oldest mixed-recycling companies, garbage alchemy has long been big business.


Read more...

The global challenge

News
Friday, June 27, 2014
062714 thumb globalmarketBY JASON NORRIS | OB BLOGGER

Over the last several months we have seen a wave of cross-border acquisitions, primarily U.S.-based companies looking to purchase non-U.S.-based companies. There are a few reasons for this, but the main culprit is the U.S. corporate tax system. The United States has one of the highest corporate tax rates in the world.


Read more...

Q&A: David Lively of Organically Grown Co.

News
Tuesday, July 01, 2014
OGCLogoBY HANNAH WALLACE | OB BLOGGER

Demand for organic food continues to soar: Last year, sales of organic food rose to $32.3 billion — up 10% from 2012. In Oregon, organic produce wholesaler Organically Grown Co. has been championing organic growing methods for four decades.


Read more...

Creating a culture of compliance

Business tips
Thursday, June 19, 2014
DataBY MONICA ENAND | GUEST CONTRIBUTOR

Nine tips for building habits among employees to respond when needed.


Read more...

Charged ride

June 2014
Thursday, May 29, 2014
0614launchBY JESSICA RIDGWAY

Brad Baker, CEO and co-founder of Works Electric, is a good husband. His wife, an OHSU employee, sought a more efficient way to commute up Marquam “Pill” Hill, so she asked Baker to build a transportation solution.


Read more...
Oregon Business magazinetitle-sponsored-links-02
SPONSORED LINKS