Tips for avoiding a data security breach
While you might hear more often about data breaches at bigger companies, the reality is that smaller companies and organizations are often targeted and typically have limited data security protections in place.
Your approach to protecting your company from a data breach must be comprehensive.
First, be sure to restrict access to sensitive, confidential information to only those employees whose jobs require that access.
Vendors, many of whom have access to sensitive information, must be screened to ensure they have security measures in place to protect the data and that they are using your company’s data only in relation to providing the specific services for which you have engaged them.
All employees must be trained on your data security policies to give them clarity on what types of information are considered private, what procedures to use to store or dispose of sensitive information, how to report suspicious emails and what the rules are for careful creation and usage of passwords.
If you allow employees to use their personal mobile devices for business purposes, consider restricting how they are used to access your company’s data. There is software that can be used to separate personal data from business data on the device. It can also be used to scrub a device if it is misplaced or stolen.
Other protections you should put in place include firewalls to protect your networks, secure Wi-Fi access and encryption of sensitive data.
Conduct a website self-audit to ensure ADA compliance
Over the past couple of years, more than 200 plaintiffs have sued businesses nationwide arguing that their websites fail to provide access to people with certain disabilities, alleging a violation of the Americans with Disabilities Act. More recently, a law firm based in Pittsburgh sent demand letters to businesses, banks and others saying that they were willing to “work constructively” toward compliance for a fee.
While court rulings on whether the ADA applies to websites have been mixed, plaintiffs have been using the rulings in their favor to persuade businesses to settle.
The ADA, which went into effect in 1990, prohibits discrimination against people with disabilities. Title III of the Act prohibits discrimination on the basis of disability in “places of public accommodation.” The law doesn’t specifically mention websites, but some plaintiffs argue that a website should be treated as a “place of public accommodation.”
The Department of Justice, which is tasked with enforcing the ADA, has not issued any rules to date for website compliance. Businesses have been waiting for these guidelines for years, but they are not expected until 2018.
In the interim, it’s better to be safe than sorry in protecting your business against these kinds of allegations. That means that all businesses should self-audit their websites to ensure they are accessible to individuals with disabilities.
The rules to follow in conducting your audit are known as the Web Content Accessibility Guidelines (WCAG) 2.0 Level AA. These guidelines include recommended alternatives to your usual text, such as increasing font size, using braille or including pre-recorded audio-only or video-only content.
There are also sites that will essentially assess your website for you and provide a report explaining any accessibility concerns.
You might need a web developer to help you implement changes. It’s also important to document any changes you make as a further indication of your focus on accessibility.
Businesses should make sure their insurance policies cover website accessibility claims. Some policies include a broad exclusion for discrimination suits.
An attorney can help you ensure your site is compliant with the guidelines and assist you in reviewing your insurance coverage.