Security breaches. You hear about them all the time, like the recent one at Washington Dulles International Airport. A pilot's laptop containing top secret airport access codes came up missing and posed a potential threat to 17 airports across the country. Had airport officials not responded quickly, the recipient of the access codes could have gained access to airplanes with the touch of a few buttons.
Have you ever thought about what it would cost you if sensitive intellectual property, such as your trade secrets or new product information were stolen or made public? What would be the cost to your reputation? How would your customers react if they knew your data had been compromised?
If you haven't thought much about it, I would suggest that you begin to do so. According to the Carnegie Mellon Institute's report on Governing for Enterprise Security, "addressing security is becoming a core necessity for most, if not all, organizations. Customers are demanding it as concerns about privacy and identity theft rise. Business partners, suppliers, and vendors are requiring it from one another, particularly when providing mutual network and information access. Espionage through the use of networks to gain competitive intelligence and to extort organizations is becoming more prevalent."
As an entrepreneur, you need to play an active and committed role in ensuring the safety and security of the information that's critical to the success of your business. You could suffer financial losses, damage to your reputation and decreased market share. Then there are the legal ramifications.
In the wake of prominent security breaches, regulators have responded by passing new laws requiring companies to implement security measures. I'm sure you've heard of some of them - The Sarbanes-Oxley Act of 2002 or the Health Insurance Portability and Accountability Act (HIPAA). If you're a sole proprietor, small business owner or run a home-based business, you're probably thinking these regulations don't apply to you. You could be wrong.
More than 30 state governments have passed laws that require companies to implement security measures and in some instances, publicly disclose any security breaches that result in the compromise of state residents' personal data. This means that the beauty consultant that accepts credit card payments and the sole proprietor that provides accounting services both have a requirement to protect consumer data. When it's all said and done, customers need assurance that their personal data is being handled in a safe and secure manner.
So, how does one go about securing critical business information and ensuring compliance with state regulations? There's plenty of guidance available on governance and enterprise security. In my next post, I'll discuss security governance along with the goals, processes and roles of an effective security governance program.
In the meantime, I'd like to hear your feedback on what you're doing to address security within your organization.