With cyberattacks grabbing headlines in high-profile data breaches, it may have come as a surprise that a government agency singled out a company for falling short in its data security practices. The threat was caused by the company itself, according to the agency.
For the first time since it was created in 2010, the Consumer Financial Protection Bureau (CFPB) recently issued a penalty to a company for misrepresenting the safety of its data security practices. Dwolla, an online payment processing startup that has been targeting PayPal as a competitor, was fined $100,000.
In its report, the CFPB said Dwolla “did not adopt or implement reasonable and appropriate data-security policies and procedures governing the collection, maintenance, or storage of consumers’ personal information” since its launch in 2010. In response, Dwolla defended its data security practices — pointing to its encryption measures and other data protection.
While Dwolla is in the business of processing money transactions, all companies have an obligation to ensure the security of employee and client personal data. Here are essential steps for developing a robust data security plan.
- Be strategic. Analyze the areas that could be subject to breaches. Work with your IT department to develop a comprehensive plan that outlines who has access to sensitive information (should be extremely limited); implements an encryption system for gaining access to information; and establishes policies for onboarding and offboarding employees to make sure confidential information stays secure.
- Enforce security policies. If you’re like most companies, you have plenty of employees who are using mobile devices to perform their work responsibilities. Do you have a BYOD policy? Or has it been a while since you reviewed it? Take the time to review the steps required to keep company information secure. Require employees to use the company’s security measures and outline the repercussions for violations. Make sure you’re regularly educating your employees on the importance of data security practices — from online behavior to data sharing.
- Seek consulting and solutions. Maybe your company is not equipped with the internal staff that can plan the data security strategy you require. Seek outside consulting to develop the solutions that will keep your company’s data protected. It could be an investment that saves you significantly in the long run.
Whether a data breach occurs through internal negligence, cyberattacks or a lack of planning, it can cost your company not only in fines or other financial losses but also in long-term consequences as you try to recover from the damage to your brand. Investing the time to pursue data security measures is essential to the success of your company.