In spite of current problems with technology outrunning policy and laws that would protect its users, I do not advocate living in a state of fear, a state of paranoia. I do, however, believe in being informed. I have smart phones, my whole family has computers, our clients have computers. You should be informed of what laws apply to you because at some point, you are going to end up in court, and ignorance of the law is not a defense. If you do not know that everything on social media is legally public data and your employee posts something that gets your company sued, it is too late to say, “I didn’t know.” If you did not know about your kid posting a picture on tumblr or on Facebook about the breakfast they were having in Tahiti while going to Fiji, and it just destroys your $2.7 million a year security budget, it is not the kid’s problem. That very thing happened to Michael Dell: his company spent $3 million a year protecting his family. And his son put up a photo of a breakfast he was having before leaving on the trip to Fiji, while his daughter tweeted details about a wedding reception she was attending. So the $3 million they spend each year body guarding the family just got shot to pieces by his kids. Ignorance is not a defense.
In addition to being well-educated on the laws that apply to you, your business should have a written security policy. If you do not have one, request that a plan be built for you.
If you have any questions, you can always email me: Raj@brainlink.com. There are a lot of templates out there but like any template, you really have to tailor them to your business. We would be happy to create a plan and policy for you and your business. Having a written policy is required for many industries, and it is a good idea because it will help you as a business owner understand what you are and are not authorizing your employees to do. By taking these first steps of educating yourself and creating a security policy, you can lay the groundwork for more secure tech practices in your business.