The experts predict that it is not "if" businesses will be the victim of a data breach, it is "when". In fact, they believe that most businesses already have been victimized. If the chances are that high, it would be a great idea to start thinking about what you will want to tell your customers when you notify them. Seriously, what will you want to be able to tell them about how you protected their personal information?

5 Things You Will Wish You Had Done Before a Data Breach

In the event of a data breach, you want to be able to tell your customers that you did everything possible to protect their personal information. It is the key to maintaining good faith relationships with your customers.

Here are 5 precautions you should put in place now.  If a breach occurs, you will be glad you did.

1. Encrypt, Encrypt, Encrypt

If you encrypt all portable devices and they are lost or stolen, it is not considered a data breach! How is that for a get out of jail free card? Laptops, smart phones, tablets as well as desktops should all be encrypted if you have any personally identifiable information on the device. Yes, a recent data breach was the result of a desktop computer being stolen from a medical practice. As a rule, if it has any PII or PHI, encrypt. This includes e-mail and text messages if you are sending sensitive information.

2. Ban Portable Storage Devices 

Flash drives are handy, but never, never use them to store PII or ePHI. They can be lost or stolen very easily, which is preventable by implementing a policy to not use them.

3. Enable User Settings & Audit Controls on Every Computer

This is critical to preventing unauthorized access to sensitive information, and necessary to locate the root cause of a data breach. If you do not know how, it is worth every penny to hire an IT support company to set this up for you.

4.  Proper disposal of old hardware is critical

Any device that has PII or ePHI must have the hard drive wiped or be destroyed before disposal, and the necessary certificates need to be obtained and on file for an auditor in the event of a breach.

5.  Train your Employees

There is nothing more important than training your staff on protecting patient information, or any other sensitive personal information.  There are training programs available if you do not have an internal program.  Employees must understand what protected information is, where it is stored, and how to keep it safe.  They must understand online security and the risks of social media.  If your industry is regulated by PCI or HIPAA Compliance rules, make sure all employees understand the expectations, and be sure to have the consequences of violating your policies documented. 

Actually, if you follow these 5 suggestions, you will most likely never be the victim of a data breach, a very good reason to implement these strategies immediately.

Need help with these suggestions? Call IntelliSuite at 877-843-5767, or contact us at http://www.intellisuite.com/contact/.

Written by Rose Doherty