Three privacy/security stories that you should know as you start your week:
President Obama to Offer Cybersecurity/Privacy Previews to State of the Union Proposals
In a series of speeches this week, President Obama will preview important issues to appear in his January 20th State of the Union address. A White House official said in a statement to reporters over the weekend that the president would “lay out a series of legislative proposals and executive actions that will be in his State of the Union that will tackle identity theft and privacy issues, cybersecurity, and access to the Internet.” The President will reportedly speak at an event at the Federal Trade Commission today and outline a plan to tackle identity theft and improve consumer and student privacy. Tuesday, the President will discuss cybersecurity at the National Cybersecurity and Communications Integration Center. We will keep readers updated on what the White House is calling "SOTU Spoilers."
ICYMI: The January 2015 Edition of the Mintz Matrix Is Out -- and State Changes are in the Works
On Friday, we released the updated version of the Mintz Matrix of state data breach notification laws. In case you missed it, you can get the updated chart here.
Now that the state legislatures are getting into session, we are expecting more action amending and tightening up state laws. For example, legislators in Washington state have already filed an amendment to that state's data breach notification law.
At the end of 2014, several proposals were introduced and we will be following where these bills head in the 2015 session. New York's proposal (Bill A10190) imposes requirements on entities conducting business in New York and which own/license computerized data that includes private information that are nearly identical to those required under Massachusetts 201 CMR 17. Most importantly (as you will recall), the Massachusetts regulations require that entities develop, implement and maintain a comprehensive written information security program. A proposed New Jersey amendment would expand the definition of "personal information" to include a combination of user name or email address with any password or security question and answer that would permit access to the online account. Attorneys general in Indiana and Oregon closed out the year with calls for more robust data breach protection legislation in their states. Stay tuned.
Tax Time is a Good Time For a "Security Check"
Businesses and their employees are all dealing with receipt of documents, filings, etc. during this taxing time of year. Tax season is also a prime time for personal information scams and can expose lax internal controls. Here are a few things to remember as you begin preparing for tax season:
Secure your data – Do you prepare your business’ taxes on a company computer? If so, you likely have some very sensitive financial information on your hard drive. Make sure your files are secured with password-protected directories and accounts, and that your entire system is protected from outside threats. Also, if you plan to use a wireless network to electronically file your taxes, be sure to use a secure Internet connection and never use public wireless hotspots. Do NOT send personal information to employees or service providers via email. Make sure that you only use secure transmission methods for sending W2 and other forms that contain Social Security or other sensitive information. If a tax preparer asks you to send documents via unencrypted email -- find another tax preparer.
Back up financial data – When was the last time you backed up your company data? If you don’t already follow a backup schedule, tax season can be a great reminder that you need to regularly back up your data. Regularly backing up your data not only protects you at tax time in the event your data is compromised, it can also help protect you against future events such a natural disaster. Remember that whether you back up to the cloud or a separate physical device/location, electronic data needs to be kept in a secure environment.
Keep your security software updated – You don’t have the time or resources to keep track of each and every new scam, phishing attack, or threat that comes around – that’s what your security software is supposed to do. But just as you can file your taxes without the most accurate tax information, your security software can’t do its job if it’s not up-to-date. The threat landscape changes daily, so keeping your security software up-to-date helps ensure that it will be able to address the most current threats to your information. After all, your ability to run an effective business depends on making sure your confidential data is safe and secure from outside threats.
Remind employees of phishing threats -- Use this time of year as an opportunity to remind employees to protect themselves from tax-related phishing scams. The IRS will never ask for personal information via email. Ever. Some of these reminders from the IRS may be useful to send to your employees as a reminder to protect themselves -- and as a result, protect your business.
Have a safe and secure week!