With frequent data breaches in the news and regulators hammering down on security and privacy issues, many executives and technical leaders are updating their policies and procedures.
We recently asked Louis Sirico, an expert in RFID technology, and the Director of Information Technology at Connect&Go, to share his advice on how his company launched an enormous update of their policies and procedures during their busiest year.
Sirico wanted Connect&Go, a leader in radio-frequency identification for large events, to make their data security and privacy policies more sophisticated. Sirico also serves as the Information System Security Officer and Data Protection Officer at Connect&Go and is certified in the EU General Data Protection Regulation (GDPR). Here are some of the top reasons he says business leaders should make the effort to do the same.
Why You Should Update Your Security and Privacy Policies Now
If you’re still on the fence about updating your security and privacy procedures, here are six reasons to get the process started immediately:
- Protect your business from data breaches: Without updating your security program, your company is more at risk of potential security breaches.
- Win new clients: Relationships with vendors depend on trust. Clients want to sign a contract with a company that is up-to-date with security best practices.
- Save existing client partnerships: You never know when an existing client might call for an audit of your security procedures. Updating is not just about getting new business; it’s also about keeping what you have.
- Avoid fines: Without strong policies and procedures, you’re much more vulnerable to fines. Governments and organizations across the globe are enforcing strict security and privacy regulations. Businesses are quickly moving to keep pace with new privacy standards in the state of California and European Union countries under GDPR.
- Prevent legal problems and reputation damage: A data breach that happens because you’re behind on your security updates will inevitably lead to a bad reputation with clients and the public. Clients and customers could even pursue legal action.
- Qualify for cyber insurance: Many clients are requiring their tech vendors to have cyber insurance. To qualify for cyber insurance, you have to have security and privacy policies in place.
How Connect&Go Updated Their Security Program
Sirico used Carbide to quickly build a new set of security and privacy policies and procedures. He could then train employees and track that all of them were aware of their responsibilities. The tools they got with Carbide were much more powerful than manually managing a program with generic policy templates and spreadsheets.
“This gives you a starting point that is applicable to you, that you can modify and tailor to your business. You can go from there, using a system that grows with you. It’s not just a document, it’s a system,” Sirico says.
With Carbide as their information security command center, Sirico rolled out new policies and implemented supporting procedures. They can track versions of the policy documents, which is useful if one policy is version 1.5 and another is 1.0. Employees can see exactly which policies have changed and get notified that they need to read and accept them.
“If we grow to a 500-person company, Carbide will still work for us.” – Louis Sirico, the Director of Information Technology at Connect&Go
Upgrading Security for the Competitive Edge
Some small companies, with little data or a low-profile client base, may be able to fly under the radar cobbling together their own policies. But companies working with large customer databases don’t want to take that risk. Those who work with Fortune 500 companies are all stepping up their game, a process often initiated by vendor security questionnaires.
“My advice is that unless you hire an employee or consultant who does this on a day-to-day basis, there is a lot that you don’t know. You can search around online, but that is not an efficient use of time,” Sirico says.
Now, with Carbide, Sirico can easily manage the cybersecurity strategy himself, without the need for an expensive consultant or the full-time attention of another employee.
Ultimately, companies can’t afford to operate with outdated security and privacy policies.
When was the last time your company updated your security and privacy policies?