A Legal Guide to PRIVACY AND DATA SECURITY 2024

Advances in security continually become available and businesses need to stay current and ahead of those who might seek to penetrate their systems. Keeping up with the technology can be difficult, but it is essential. Cloud computing and the growing use of mobile devices to conduct business have added another layer of complexity to the ways a business must maintain data security.

An example of this vulnerability was “Heartbleed,” a flaw discovered in OpenSSL, the open source encryption standard used by many websites to transmit secure data. Because of a programming error in OpenSSL, a Google security researcher found that it would be relatively easy to trick the computer into sending data stored in memory that included usernames, passwords, credit card numbers, and encryption keys. Once this flaw was discovered, a business using OpenSSL should have immediately changed passwords and upgraded to the new version without the Heartbleed bug. Heartbleed is a prime example of the need to closely monitor what is happening in the technical world of data privacy and security. The NIST Framework discussed above can also be a useful tool for a business developing technical safeguards.

Encryption, Encryption, Encryption

One of the basic steps to mitigate risk under most data privacy and security laws is to encrypt the data. “Encrypting” data so that it is unreadable by an interceptor has long been an accepted practice for securing data that is transmitted electronically. For example, encrypted data will not be susceptible to a data breach that triggers notification under HIPAA. Certain states (including Minnesota) may not consider the loss of encrypted data to be a data breach or a loss of data that requires notification under the statute. [See Minn. Stat. § 325E.61]. One of the first questions asked in any security incident or data breach investigation is therefore whether or not the data was encrypted.

Businesses should be sure to encrypt personal data transmitted over unsecured networks or stored on portable devices. Encryption technology is continuously changing, so a business should also make sure that it is using the most current encryption technology.
