Eight Ways to Prevent Data Breaches
Perimeter CTO Kevin Prince has kindly offered up several tips for preventing a data breach.
Federal law states that health companies have to disclose if they've suffered a data breach.
Information security group ISACA doesn't think that's enough. Considering the reputational risk to the enterprise, the association believes mandatory reporting should be included in the company's regular accounting releases, such as quarterly and annual reports.
There has been a lot of conversation about what consumers should know about breaches and what steps should be taken if personal information is at risk. Along those lines, I think it is a good idea to keep shareholders informed of the company's security efforts.
Would disclosing a breach to shareholders help or hurt? ISACA seems to think so:
Whilst the public has a legitimate interest in learning about security breaches, it is important to look at the bigger picture, that of the real public interest in a company being seen to learn from its mistakes and allowing management to recover a situation, rather than subjecting the company to a public witch hunt which benefits no-one in the longer term.