Reasonable Duty of Care: Data Security and Privacy

ata breach, breaches, reasonable duty, IT security, Privacy, Hacker, Default password, litigious society, Reasonable Duty of Care, Data Security

You’ve see it in the news all too frequently now in our technologically interconnected world; companies are being breached seemingly at-will by hackers, malicious insiders, competing company entities, and nation states. The terrible truth is that companies and consumers are losing the battle. The cost of these breaches is rising as consumers are beginning to hold companies responsible for the mishandling of their personal and private information.

Terrible Truth: The average organizational cost of a data breach increased to $7.2 million and cost companies an average of $214 per compromised record. (Source: Ponemon Institute)

Any company that collects, communicates and manages a customer’s private information has a reasonable duty to provide for the security and confidentiality of that information. This is especially true of organizations that are compensated for these confidential services. Consider for a moment what types of confidential information you manage for your clients and then consider whether the security and privacy measures you have protecting that information are reasonable and appropriately maintained.

Terrible Truth: 96% of breaches were avoidable through simple or intermediate controls according to a recent study. (Source: US Secret Service)

Implementing security infrastructure such as a firewall or installing anti-virus software on your work computer or mobile device are important steps towards demonstrating reasonable care, but not all. What are some other security and privacy measures a company should consider? How about basic technology maintenance such as software patches and adhering to simple security best practices such as strong information access controls for starters!

Software updates on your network infrastructure devices such as firewalls are no less critical than your work computer. Software patches are released by vendors to eliminate operational and security problems associated with those products. If you neglected the maintenance of those products, you’d run a significant risk that some hacker will exploit that weakness and take control of your company or steal confidential information. Do you realize that if a hacker breaks into your company firewall by exploiting a software bug or using a weak password, that that hacker could intercept and eavesdrop on all of your activity and messages passing through that firewall? It’s true! Do you realize that many passwords, even default passwords are commonly known and published on the Internet for anyone to use? All of these commonly used passwords are integrated into hacking tools used to break in systems with breathtaking ease. Do you think that using passwOrd as your password is secure? Guess again! I guarantee a hacker will not need to.

If you are responsible for the security and privacy of a customer or client’s confidential information, don’t overlook the fundamental security measures that are the catalyst for the majority of security breaches today and yet are so avoidable. Information security is a complex undertaking and given the dynamic threat-scape out there, it’s no surprise that many companies are unknowingly neglecting some of the security fundamentals like maintaining firewalls software patches or some other security task that is relatively out of sight, out of mind. When in doubt about what you should be doing, enlist the assistance of qualified security professionals. I assure you, in today’s litigious society, neglecting security basics could cost you your business.

Stay secure my friends!

If you are interested in contacting us for more information about the content and services offered by Your Personal CXO, LLC or for media interview inquiries or aggregation requests, please use the following contact methods:

By phone: 1-762-822-4174
By email: