With frequent data breaches in the news and regulators hammering down on security and privacy issues, many executives and technical leaders are updating their policies and procedures.
We recently asked Louis Sirico, an expert in RFID technology, and the Director of Information Technology at Connect&Go, to share his advice on how his company launched an enormous update of their policies and procedures during their busiest year.
Sirico wanted Connect&Go, a leader in radio-frequency identification for large events, to make their data security and privacy policies more sophisticated. Sirico also serves as the Information System Security Officer and Data Protection Officer at Connect&Go as well as being certified in EU General Data Protection Regulations. Here are some of the top reasons he says business leaders should make the effort to do the same.
If you’re still on the fence about updating your security and privacy procedures are six reasons to get the process started immediately:
Sirico used Securicy to quickly build a new set of security and privacy policies and procedures. Then he could train and track that all employees were aware of their responsibilities. The tools they got with Securicy were much more powerful than manually managing a program with generic policy templates and spreadsheets.
“This gives you a starting point that is applicable to you, that you can modify and tailor to your business. You can go from there, using a system that grows with you. It’s not just a document, it’s a system,” Sirico says.
With Securicy as their information security command center, Sirico rolled out new policies and implemented supporting procedures. They can track versions of the policy documents, which is useful if one policy is version 1.5 and another is 1.0. Employees can see exactly what policies have changed and get notified they need to read and accept it.
“If we grow to a 500 person company, Securicy will still work for us.”– Louis Sirico, the Director of Information Technology at Connect&Go
Some small companies, with little data or a low-profile client base, may be able to fly under the radar cobbling together their own policies. But companies working with large customer databases don’t want to take that risk. Those who work with Fortune 500 companies are all stepping up their game, a process often initiated by vendor security questionnaires.
“My advice is that unless you hire an employee or consultant who does this on a day-to-day basis, there is a lot that you don’t know. You can search around online, but that is not an efficient use of time,” Sirico says.
Now with Securicy, Sirico can easily manage the cybersecurity strategy himself. All without the need for an expensive consultant, or requiring the full-time attention of another employee.
Ultimately, companies can’t afford to operate with outdated security and privacy policies.
When was that last time your company updated your security and privacy policies?