Given the season, I thought a set of New Year’s information security resolutions would be in order. I’m sure you have your own items, but here is my list:
- Review and update our information security policy.
- Calendar a complete test of our business continuity/disaster recovery plan. Update the plan as necessary.
- Allocate funds and time this year to get a better handle on where and how data is used and stored within the enterprise.
- Test and confirm the company’s litigation hold procedures to ensure relevant records, both hardcopy and electronic, are properly preserved in the event of a claim or litigation.
- On completion of the foregoing tests and updates, review and revise, as appropriate, the company’s document retention policy.
- Update the company’s technology, e-mail, and Internet policies to clearly address the latest areas of potential risk, including employee use of non-company-provided computers to access company systems (e.g., home computers), employee use of removable media (e.g., USB fobs and other portable storage devices), employee use of Web-based e-mail accounts, and employee installation of peer-to-peer networking software. Ensure employees are aware of any changes to the policies.
- Provide additional training to relevant employees regarding the foregoing topics.
- Read this blog once weekly.
- Eat better and visit the gym on a regular basis.

Happy Holidays to you all and best wishes for a very happy, secure, and prosperous New Year.





