CHARLESTON — In honor of National Data Privacy Day, West Virginia Attorney General Patrick Morrisey on Jan. 28 urged businesses to consider the importance of safeguarding consumers’ personal information.
“Hackers are becoming more resourceful in finding ways to breach even the most secure of networks.” Morrisey said in a statement. “That’s why we are urging all businesses to take necessary precautions in protecting customers’ personally identifiable information.”
Personal information often is required for many necessary business functions. However, if sensitive data falls into the wrong hands, it can lead to fraud, identity theft or similar harms.
Given the cost of a security breach — losing customers’ trust and perhaps defending a lawsuit — protecting personal information is a worthwhile investment.
Morrisey urges businesses to take steps to protect their information as well as any collected customer data. Those could include the following:
• Develop a sound data security plan to prevent and respond to any security incidents.
• Ensure that employees are well trained on the plan and strictly adhere to it.
• Use strong passwords and securely store sensitive paperwork.
• Only collect personal information from customers if absolutely necessary or required by law. Safely dispose of that information as soon as it is no longer needed.
• Make sure the computer system and website have appropriate safeguards to prevent hacking.
• Provide customers with an email address or customer service phone number that allows them to validate the correspondence they receive.
• Monitor returned email messages as scammers often hijack email systems to send bulk messages.
• Keep track of customer service calls and check for spikes in certain types of complaints such as a password inquiries and changes. Check for unusual customer account activity such as large volumes of logins, password changes, purchases, withdrawals, etc.
Morrisey suggests checking with groups such as the Open Web Application Security Project, www.owasp.org, or SANS (SysAdmin, Audit, Network, Security) Institute’s Information Security Resources, https://www.sans.org/security-resources, for up-to-date information on the latest threats and fixes.
Those who believe they have been a victim of identity theft are urged to call the Attorney General’s Consumer Protection Division at 800-368-8808 and the Federal Trade Commission at 1-877-438-4338 or go online to www.ftc.gov/idtheft.