It’s not only good business practice to implement Cybersecurity Best Practices to secure sensitive data, in some cases it’s also required by the Federal Trade Commission (FTC). The Gramm-Leach-Bliley (GLB) Act requires companies defined under the law as “financial institutions” to ensure the security and confidentiality of client’s personal identifying information.
The definition of “financial institution” includes many businesses that may not normally describe themselves that way. In fact, the Rule applies to all businesses, regardless of size, that are “significantly engaged” in providing financial products or services.
This includes, for example, mortgage brokers, nonbank lenders, personal property or real estate appraisers, accountants and professional tax preparers.
As part of its implementation of the GLB Act, the FTC issued the Safeguards Rule, which requires financial institutions under FTC jurisdiction to have measures in place to keep customer information secure.
The Safeguards Rule requires companies to assess and address the risks to customer information in all areas of their operation, including three areas that are particularly important to information security: Employee Management and Training; Information Systems; and Detecting and Managing System Failures.
This includes (but is not limited to) the following:
Controlling access to sensitive information by requiring employees to use “strong” passwords that must be changed on a regular basis.
Using password-activated screen savers to lock employee computers after a period of inactivity.
Developing policies for appropriate use and protection of laptops, PDAs, cell phones, or other mobile devices.
Training employees to take basic steps to maintain the security, confidentiality, and integrity of customer information.
Preventing terminated employees from accessing customer information by immediately deactivating their passwords and usernames and taking other
Know where sensitive customer information is stored and store it securely. Make sure only authorized employees have access.
Maintaining up-to-date and appropriate programs and controls to prevent unauthorized access to customer information.
Taking steps to preserve the security, confidentiality, and integrity of customer information in the event of a breach
Contact us to for a free cybersecurity assessment to evaluate what you can do to protect your business.