When they audit your data security, what will they find?
Data breach at Minnesota’s new health insurance exchange.
An auditor can come snooping around your company at any time. Depending on the circumstances, he/she may be in a bad mood. You need to be prepared.
An employee at MNsure, Minnesota’s new health insurance exchange, emailed the vital, personal information, including social security numbers, of more than 2,000 insurance agents to an unintended source. The person who received the email was another agent himself. Fortunately, he did the right thing and reported the mistake. Counting on such scrupulous behavior from the next recipient of an unencrypted Excel attachment would be foolish to say the least.
While Minnesota’s Governor insists that he’s confident in MNsure as a whole, most aren’t so pleased. Legislative Auditor, Jim Nobles heads an investigation already underway to not only uncover the facts about this particular data breach, but to get the answers to numerous questions he has about MNsure’s data security. That this auditor cites so many unanswered questions implies that he will attempt to gain an understanding of the company’s data security system as a whole.
Is your data security system the next to be audited?
What would happen to your company if an employee makes a similar mistake? It seems that even if the problem were not the result of a direct issue with the data security system currently in place, any existing holes in your defense would be exposed by such an audit. You want to be prepared.
Yes, having your entire system under the scrutiny of an auditor is daunting, but imagine the nature of his/her approach when it’s not just a routine check-up, but a response to serious breach, and especially one that has been made public. The auditor’s simple goal of finding any problems in the security system will become an audible battle cry that justice will be done.
You can expect that any negative security news regarding your company will likely result in a more thorough audit. Jim Nobles makes a point to communicate to the public that the state takes these types of alarming security issues very seriously. It stands to reason that he will be scouring even more closely to find and solve any weaknesses in MNsure’s data security now that the public is watching with concerned eyes.
TechR2 has you covered with onsite data destruction.
When the auditor descends on your company to investigate data security practices (whether it’s routine or of the urgent, targeted variety) you want him/her to find that you have a system in place that not only secures information with encrypted files and strict personnel policies, but that end-of-life, information-containing failed hard drives or loose digital media never even leave your place of business before being destroyed. This is where most companies are vulnerable. TechR2’s system ensures that loose media never finds its way into the hands of cyber criminals. Your IT team deposit all failed and loose digital media in the secure bin, and TechR2’s team comes to you to dispose of them properly.
And don’t just satisfy your auditor. Command his/her praise. It’s not just that your company’s data security system comes complete with onsite data destruction; you are also given a certificate of destruction for your records. You have documentation for each device which is destroyed. Such attention to detail doesn’t merely exude professionalism; it provides enough evidence to significantly aid an investigation of any potential data breach. You are systematically committed to protecting the information of your company and its customers, in addition to making the investigator’s job easier. Talk about making a strong impression.
If all that wasn’t enough, any digging into the environmental ramifications of your company’s robust data destruction system will reveal that TechR2 always maintains EPA compliant recycling best practices. Honoring the environment is embedded in TechR2’s DNA. When you implement its system, respecting the planet becomes synonymous with your company’s identity as well.