With frequent data breaches in the news and regulators hammering down on security and privacy issues, many executives and technical leaders are updating their policies and procedures. We recently asked Louis Sirico, an expert in RFID technology, and Connect&Go’s Director of Information Technology, to share his advice on how his company launched an enormous update of their policies and procedures during their busiest year yet. Sirico also serves as the Information System Security Officer and Data Protection Officer at Connect&Go as well as being certified in EU General Data Protection Regulations.
Sirico wanted Connect&Go, leader in radio-frequency identification for large events, to make their data security and privacy policies more sophisticated. He used Securicy to quickly build a new set of policies and procedures, then train and track that all employees were aware of their responsibilities.
“This gives you a starting point that is applicable to you, that you can modify and tailor to your business. You can go from there, using a system that grows with you. It’s not just a document, it’s a system.”
“This is a living breathing document or set of documents.”
“We can track versions of the documents. We may have one policy that is version 1.5 and another that is 1.0. We can track on a policy-by-policy basis. People can see exactly what changed. That updated policy is identified, they can read and accept it.”
“If we grow to a 500 person company, Securicy will still work for us.”
Some small companies, with little data or a low-profile client base, may be able to fly under the radar cobbling together their own policies. But companies working with large customer databases or hoping to work with Fortune 500 companies will need to step up their game.
“My advice is that unless you hire an employee or consultant who does this on a day-to-day basis, there is a lot that you don't know. You can search around online, but that is not an efficient use of time.”
Now with Securicy, Sirico can easily manage the cybersecurity strategy himself, without the need for an expensive consultant, or requiring the full-time attention of another employee.
If you're still on the fence about updating your security and privacy procedures are are six reasons to get the process started:
- Protect your business from data breaches: Without updating your company is more at risk to potential security breaches.
- Win new clients: Clients want to sign a contract with a company that is up to date with current best practices.
- Save existing client partnerships: You never know when an existing client might call for an audit of your security procedures. Updating means not just getting new business, it’s maintaining and keeping what you have.
- Avoid fines: Without strong policies and procedures, you're much more vulnerable to fines. With governments and organizations across the globe enforcing strict security and privacy regulations, doing business in the state of California or European Union countries under GDPR.
- Prevent legal problems and reputation damage: A data breach because you're behind in your security updates will inevitably lead to a bad reputation with clients and the public. Clients and customers could even pursue legal action.
- Qualify for cyber insurance: Many clients are requiring companies to have cyber insurance. To qualify for cyber insurance you have to have policies and procedures in place.