Where's your Written Information Security Plan(WISP)?
Posted by Len Diana on Wed, Sep 28, 2011 @ 09:30 AM
“Nearly 1 out of 3 Massachusetts residents, from names and addresses to medical histories, has been compromised through data theft or loss since the beginning of 2010” which was in a story on boston.com on September 21st. Do you have a Written Information Security Plan(WISP) in place?
There was a law enacted in Massachusetts in 2007 requiring all companies doing business in Massachusetts to inform consumers and state regulators about security breaches that might result in identity theft. Is your business at risk? Here are some troubling statistics that were released by the Attorney general’s office:
1 out of 3 residents have had their identities compromised!
1,166 data breach notices since January 2010!!
480 reported breaches from January to August 2011!!!
25% involved deliberate hacking of computer systems
23% involved accidental sharing of information with unauthorized people
ONLY 15% of cases where retailers reported theft of customer credit cards
Think about that last number and you realize that 85% of businesses that had data breaches were not retailer stores or online retailers. That means your type of business has been affected. According to the article, Attorney General Martha Coakley said, “There is going to be more room for employee error, for international hacking.” When you look at the firms that have been in the news in the last year(South Shore Hospital, the state’s Executive Office of Labor and Workforce Development, Beth Israel Deaconess Medical Center, Epsilon Data Management LLC), you have to wonder what precautions you should be taking. Nearly 2 million people have been affected by data breaches since the beginning of 2010. If you haven’t done so, create a WISP as soon as you can.
You can download a free compliance checklist here
