Oh boy, the GLBA (Gramm-Leach-Bliley Act)! Its a real doozy, innit? When it comes to complying with it, businesses often stumble. Lets talk about some common screw-ups.
First off, many companies, specially smaller ones, dont even realize GLBA applies to them. They think, "Hey, were not a bank, were good!" managed services new york city But if youre involved in any sort of financial activity – lending, insurance, investment advice (even indirectly!) – guess what? Youre probably covered. Ignorance isnt bliss, folks, its gonna cost ya!
Then theres the whole issue of a written information security plan.
Employee training, uh oh. Thats another biggie. You cant just tell your staff, "Hey, be careful with customer info!" and expect them to magically understand complex regulations. managed service new york You gotta provide regular, focused training that covers everything from phishing scams to proper data disposal. managed it security services provider And you gotta document it! (Think of it as CYA, you know, covering your assets.)
And speaking of data disposal, that's a frequent blunder. Simply throwing away old computers or shredding documents willy-nilly isnt enough, nope. You need secure methods that guarantee the information is completely unrecoverable. Hard drive wiping, degaussing, professional shredding services... managed services new york city these are the kinds of things were talking about.
Finally, lets not forget about third-party service providers. You cant just assume your vendors are taking care of security. Youve got to do your due diligence, vet them properly, and make sure they have adequate protections in place. After all, if they screw up, you could be held liable. Yikes!
So, yeah, GLBA compliance aint a walk in the park. But by avoiding these common mistakes, you can significantly reduce your risk and keep the regulators off your back.