Are You Feeling Alone?
By: Groff NetWorks
What is this SHIELD Act you’ve been hearing about?
Gov. Andrew Cuomo this past July signed a law called the Stop Hacks and Improve Electronic Data Security, also known as the SHIELD Act. This new state law requires companies, big or small, to take “reasonable” steps to protect clients’ personal data.
Wait…. How do we know what’s “reasonable”?
SHIELD is BIG and scary, but with a little help it doesn’t have to be. As a fellow business owner, here’s what you need to know. Really, we need just this sentence: plan, implement and maintain reasonable data protection. Basically, know that any breach is a breach and you MUST report it. You need to show that you actually care and that you’ve taken reasonable steps to make sure breaches don’t happen, so that customers’ data is protected.
Let’s walk through the SHIELD Act’s “reasonable steps” TOGETHER…
STEP 1: HUMAN RESOURCES
I know some of you must be thinking: what does HR have to do with the SHIELD Act? The first question investigators ask will be “who is on your cybersecurity team?” HR plays a significant role in the requirements that SHIELD mandates for businesses. One of the common roles of HR is assigning responsibilities to certain roles and positions within the company. In order for companies to successfully implement SHIELD, Human Resources will designate responsibilities to employees based on the cybersecurity program. These will be in addition to their original responsibilities. Human Resources is also in charge of training employees to understand their role within the workplace. HR will now be responsible for updating new and current employees on the SHIELD program procedures.
STEP 2: SEE SOMETHING, SAY SOMETHING
Whenever customers’ data is breached, the customers must be notified and it must be reported IMMEDIATELY. A breach under the SHIELD Act is anything that could be considered unauthorized access to the company holding the customer’s personal/private information. When an account has been breached, the company must follow the procedures of its cybersecurity program. It must also send a report of the incident to the office of the Attorney General. Essentially, the business should be showing utmost care for the consumer, doing whatever it can to protect them… and reporting it to state authorities. This gets serious quickly…
STEP 3: THE RELATIONSHIP BETWEEN THE COMPANY AND THE EMPLOYEES
Out of all of these steps, this may be the most important factor in keeping your consumers and your company from being compromised. Communication with your employees is crucial. When assigning new job responsibilities from the SHIELD Act to employees, discuss what they are and how the employees could be affected. Also, make sure your employees fully understand their training in the data security program. Be sure to make it an open work environment to prevent the risk of any negligence.
STEP 4: GROFF NETWORKS
I know what you’re thinking: this seems like a lot of work. But lucky for you, this is what good Technology Success Practices (IT Firm/Management Service Provider, plus a lot more) handle every day. Here at Groff NetWorks, we implement all the requirements of New York State’s SHIELD Act into our daily work. In simpler terms, we call it having a Servant’s Heart. We consider being Caring, Responsive, Friendly and Honest to be our recipe for success. Give us a call today and get your business SHIELD ready.