RIMS, Lockton reports outline best practices to avoid computer data breaches
Posted On: Feb. 6, 2012 12:00 AM CST
Practical solutions for protecting computer data include developing a written information security plan, assessing data management requirements and developing a data breach plan, says a report on best practices issued by the Risk & Insurance Management Society Inc. and two other organizations Monday.
“ERM Best Practices in the Cyber World” was issued by New York-based RIMS, Scottsdale, Ariz.-based Identity Theft 911 L.L.C. and Coral Springs, Fla.-based USLAW NETWORK Inc.
Separately, a report issued Friday by a London-based Lockton Cos. L.L.P. unit says most data breaches occur because of human error or a glitch in the system.
According to the ERM report, other steps that firms should take to protect their data include setting breach response priorities and executing the breach response plan.
Commenting on the report, Carol Fox, director of the strategic and enterprise risk practice at RIMS, said, “This report will help executives tap ERM best practices for unifying legal, security, data management and protection, information security, privacy, compliance and audit functions that are needed for a comprehensive data risk approach, while protecting risk assessment report findings.”
The report, which is available at www.RIMS.org/RIMStore, is free to RIMS members, those belonging to the USLAW NETWORK and IDT911 clients, and $29 for others.
The Lockton report says human errors “are often compounded when organizations fail to observe basic security procedures and to encrypt sensitive information.”
The report says the most common reasons for data “going astray” are stolen or lost laptops or other sources of encrypted information, such as data sticks; emails with sensitive customer data being sent in error; databases that are not effectively protected; and loss of encrypted data in transit from one organization to another.
The report says that while the cost of data breaches in the United Kingdom rose by more than 70% over the 2008-2010 period, to £103 ($163) per record breached, it has stayed virtually static in the United States, where mandatory breach notification is the law in most states.
Copies of the study, “Cyber Risk Decoded: A Report on Data Risks, the Law, Risk Mitigation and Insurance,” are available here.