Yahoo’s Data Breach – 3 Must-Have Compliance And Policy Management Processes
Yahoo has recently come under fire for one of the largest data breaches ever recorded, where over 500 million user accounts with sensitive and personal information were compromised. The exposure of this information, including passwords, names, banking information, and confidential documents, is yet another example of the importance of robust cyber-security standards to prevent such attacks from occurring, especially on a scale with hundreds of millions of users affected.
In this case, more than regular users were affected. Many organizations require upper management and leadership to use a personal email address resting outside of their IT environment. Confidential agreements and top-secret documents are much more vulnerable when shared outside the confines of an organization’s firewalls and security measures. The shock-waves of this latest data breach from a major company will be felt in the foreseeable future, and will place greater stress on businesses to tighten up compliance protocols.
Outlining certain policies and procedures to address a course of action in the event of a breach or specific ways of sharing secure documents can reinforce an organization’s compliance expectations. Ways to prevent a scenario like Yahoo’s data breach with your policies and procedures include:
1. Defining Policies on Sharing Classified Information
Employees and leadership in an organization need to understand the importance of protecting vital information in the forms of communication they use. Emails are at the core of business communication channels used today, but need proper security measures implemented to help keep crucial data within the organization’s IT environment. Compliance and policy managers should have policies and procedures in place to detail how federal regulators like the SEC require organizations to protect sensitive information from hackers and other cyber-attacks. Policy management software, especially on a platform like SharePoint, for example, could be an effective way of communicating the dangers of sharing classified information on email channels outside of the organization’s firewalls.
2. Maintaining Policies on Disclosing Information
Federal regulators like the SEC and FCPA are pressing organizations to disclose certain information when breaches or other such events take place. In Yahoo’s example, the cyber-attacks they experienced began in 2014 and were not immediately disclosed to the proper authorities. Federal security laws have tremendous compliance implications if broken. Substantial fines and lawsuits can be administered if organizations fail to properly disclose important security matters.
While most organizations already have disclosure protocols in place, compliance and policy managers need to keep a close eye on the ever-changing regulations they face and the policies they have in place to abide by them. The risk of non-compliance from a lack of proper policies and procedures outlining how the organization responds to a crisis and discloses to regulators is too concerning to brush off.
3. Securing Documents and Information Away from Emails
Emails are too insecure to store important documents in, especially if an organization uses service providers outside of their boundaries. Malware and other cyber-threats can infiltrate an organization if a user account is breached, creating a whole new series of concerns for compliance managers. Many businesses understand that policy management software, along with contract management software, is necessary to safely store policies, contracts, documents, and classified information. ConvergePoint’s compliance management solutions rest within an organization’s SharePoint ecosystem, meaning sensitive information remains in one central location instead of circulating around in insecure email channels. If a new policy or contract is being discussed between compliance managers and other executives, all communication and exchanges of documents are handled within the SharePoint system and away from email channels outside the organization.
Lock up your data before it walks out the door by following some of the simple steps to keep your information secure. For more guidance, check out how preventing data breaches starts with creating and training on policies. After all, safeguarding your data is not just a legal requirement, it’s our promise to you.
Talk to a compliance specialist today to learn how our Policy Management and Contract Management expertise can be applied to your business by scheduling a demo now.