The U.S. Federal Trade Commission (FTC) issued new data security guidance for businesses on June 30, 2015. The publication, Start With Security: A Guide for Business, consolidates other guidance from the FTC that reflects its position that security by design, much as privacy by design, should be integrated into business processes. The guidance isn’t new, but includes 10 tips:
- Start with security.
- Control access to data sensibly.
- Require secure passwords and authentication.
- Store sensitive personal information securely and protect it during transmission.
- Segment your network and monitor who’s trying to get in and out.
- Secure remote access to your network.
- Apply sound security practices when developing new products.
- Make sure your service providers implement reasonable security measures.
- Put procedures in place to keep your security current and address vulnerabilities that may arise.
- Secure paper, physical media, and devices.
The FTC offers many other resources on data security and privacy, and its enforcement actions in this area highlight some chief concerns. With the increase in data breaches and resulting regulatory investigations and class action lawsuits, the FTC’s guidance is a good reminder of some security basics for businesses.