No one can really be sure that this information was not retrieved and will not be used for illegal activities. How well will the parents and children sleep now, knowing that their private information was vulnerable.
What confidence and creditability has been lost, because someone "thought" only principals could access the information. Fortunately the student who discovered the breach notified the right people in a timely manner.
If this was a business, would you want to want to do business with them? Would you keep doing business with them? It takes a long time to rebuild the trust lost in a few minutes, because someone thought they had a secure system.
It will be interesting to see if government regulators will now fine the school. Most businesses will not have much choice. You have to wonder if they have a Written Information Security Plan (WISP)?
A WISP plan is more than a set of documents that sit on a shelf and collect dust. It is a comprehensive plan to ensure data breaches do not happen. Nothing is perfect and breaches do occur. The WISP plan defines how to recognize a breach and what to do when one is discovered. These plans must be updated every year and at any fundamental change in business operations.
If you are wondering what a WISP plan is and if you should have one, then you should and you should contact us as soon as possible. Typically any organization that keeps private information about employees, suppliers, or customers is required to have a WISP plan. Private information is a name, social security number, address, credit card number, or any personally identifiable piece of information. To complicate matters more, each state has its own definition of what needs to be reported and how soon along with how much they are going to fine you.
Dolvin Consulting partners with industry experts Cyber Security Auditors & Administrators (CSA2) to determine your risk quotient and help you plan, develop, implement and secure a working WISP plan. Contact us today to see how we can help you meet your compliance needs. We are here to help.
No comments:
Post a Comment