I checked my email yesterday morning and was greeted with these three headlines:
Employee at Maryland state agency posts client information online
Sensitive database compromised at Buena Vista University
Hospital: files with personal, medical data on 800,000 gone
Whether a state agency, hospital or university, the issues are the same. Confidential information must remain confidential and there must be practices in place to maintain this confidentiality.
This is also true for the small business.
I have heard many small business owners state that “no one would care about them”. This may have been correct in the past, but it is certainly no longer the case.
Policy statements, and enforcement of that policy, can be a significant deterrent to events such as those depicted in the above links.
Think about this: Who is in charge of updating the business website? Is only authorized information put on the Internet? Who is the one responsible for authorization?
Sometimes a file may accidentally get put on a web server. The contents of the web server should be a part of the regular audits.
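One way to carry out the web server audit described above, as an added example that is not part of the original post: a Python script that compares every file in the web root against a manifest of authorized files. The manifest format, the function names and the sample files are assumptions made for illustration.

```python
import hashlib
import os
import tempfile

def sha256_file(path):
    """Hash a file in chunks so large files are not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def audit_webroot(root, approved):
    """Compare files under root with the approved manifest.
    approved maps a path relative to root (forward slashes) to the SHA-256
    recorded when that file was authorized for publication.
    """
    unapproved, modified, seen = [], [], set()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            seen.add(rel)
            if rel not in approved:
                unapproved.append(rel)      # on the server, never authorized
            elif sha256_file(full) != approved[rel]:
                modified.append(rel)        # changed after authorization
    return {"unapproved": sorted(unapproved), "modified": sorted(modified),
            "missing": sorted(set(approved) - seen)}

def demo():
    """Audit a constructed web root (sample data, built in a temp directory)."""
    with tempfile.TemporaryDirectory() as root:
        def write(rel, data):
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as f:
                f.write(data)
            return sha256_file(path)
        approved = {"index.html": write("index.html", b"<h1>Welcome</h1>"),
                    "about/team.html": write("about/team.html", b"<p>Team</p>"),
                    "contact.html": hashlib.sha256(b"<p>Call us</p>").hexdigest()}
        write("about/team.html", b"<p>Team, edited without sign-off</p>")
        write("exports/clients.csv", b"name,account\n")  # stray upload
        return audit_webroot(root, approved)

if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths}")
```

The person responsible for authorization updates the manifest when content is approved; anything the audit reports as unapproved or modified is reviewed before it stays on the server.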
Regardless of policy, breach and data loss events are usually a result of someone not being diligent.
I sure would not want to be the one responsible for any of these data loss events.
- Dan
