Proposed Law Gives Hacked Businesses 30 Days to Notify Customers

A proposed law would give businesses that have been hacked 30 days to fess up. The Personal Data Notification & Protection Act would give a company 30 days to notify customers that their personal information has been exposed. On average, the time from when a company is hacked to the time the hack is discovered is 229 days. And most of the breaches are discovered by someone outside the company.

According to CNN, in 2015 over 50% of Americans had their personal information exposed, through cyber crime or careless employees. Americans are getting more reluctant to hand over personal information, and these are your clients, your stockholders, your business partners. Can they trust your business with their personal information? To succeed and grow, your clients must trust that you have their best interests in mind. That includes trusting your company with their personal information.

You don’t want to be the company that has to inform your clients that you have lost control of their personal information.

Take these 3 steps to ensure a cyber-secure organization:

1. Get a security assessment
Understanding your organization’s security state and identifying vulnerabilities are the first steps toward protecting the confidentiality, integrity and availability of critical data.

2. Build a risk-aware culture where there’s simply zero tolerance, at a company level, when colleagues are careless about security. Teaching employees to be aware of an organization’s security requirements can be one of the most effective ways to enhance the company’s overall security posture. Employees are a key link in the security of a business’ technology infrastructure and company data.  Without end-user training on security best practices and policies, it is impossible to secure your information resources or ensure data privacy.

3. Manage incidents and respond—A company-wide effort to implement intelligent analytics and automated response capabilities is essential. Creating an automated and unified system will enable an enterprise to monitor its operations and respond quickly — within 30 days if the Personal Data Notification & Protection Act is passed.

Contact ACE IT Solutions at 646.558.5575 for a complimentary security assessment. We will help you understand your current security posture and the steps you can take to protect your valuable data, your clients’ personal information and your reputation.