I was once again surprised by the laissez-faire attitude I got when I was explaining to a prospect why they needed to improve the security of their network: a cheap personal firewall, everyone had administrator rights, no security policies preventing users from copying data to USB drives. These were just a few of the holes. Needless to say, a CPA firm has all sorts of information about their clients, and thinking that "it’s not that big a deal" really surprised me. "We’ve never been hacked before and we’re so small, why would anyone want any of our information?" was the Managing Partner’s response. Like I said, I don’t get it. I went on to describe California’s "Database Security Breach Notification Act" and all that it’s about. Apparently, he had no idea about SB 1386…
Specifically, SB 1386, codified as Civil Code § 1798.82, et seq., requires "any person or business that conducts business in California, and that owns or licenses computerized data that includes personal information, [to] disclose any breach of the security system…to any resident of California whose unencrypted personal information was, or is reasonably believed to have been, acquired by an unauthorized person." The statute imposes specific notification requirements on companies in such circumstances. The statute applies regardless of whether the computerized consumer records are maintained in or outside California.
Basically, this means that if for any reason someone gets to personal information (SSN, credit card info, bank accounts, etc.) about your clients from your network, you need to immediately inform them that this has happened. Literally, it’s a crime to even investigate what happened if you haven’t already told them about it first. Again, I don’t know that people really understand what this all means. Imagine the impact to your position as a trusted advisor if your clients thought you didn’t even do the bare minimum to ensure their private information stayed private! I would think your business would come to a screeching halt, let alone the impact from the cost of litigating this.
I went on and asked some additional questions: Are their tax returns stored in PDFs encrypted? Or can anyone get to them? How is the security designed and managed around your document storage? Who has access to what information? Who can copy the files onto a USB drive? Which employees have business email on their personal devices? What would you do with that device and those emails if they left? While his head was swirling, I still wasn’t sure if he really got my point or if he thought I was just there trying to scare him into action.
Needless to say, security is more complex than ever before and the ramifications are more far-reaching than most realize. While this law may seem draconian, the reality is the biggest ace in the hole is actually included in it. There you’ll find the words "reasonable effort". To me this means that if you’ve acted in good faith and have done what most in the industry are doing to prevent or reduce your exposure, then you should be covered. This is where Managed Services, Managed Security, and a proactive approach to technology come in. This is where most companies are moving and where the mindset for those who haven’t has to change. If you’re not managing your network proactively and aren’t working with a trusted advisor like FPA, then how can your clients look to you as a trusted advisor?
Beyond all that you’re doing for your clients, if you’re not doing all you can to ensure your network’s secure, are you really a trusted advisor to your clients?