The New York Attorney General, Letitia James, has recently released a guide to help businesses prepare their data security programs and respond to data security incidents. The guide combines security program recommendations with highlights from recent research by the Attorney General, providing valuable insight into data security pitfalls that need to be corrected.
The guide includes nine items that are recommended for inclusion in a data security program. These items comprise security measures such as multi-factor authentication, the use of complex passwords, encryption of sensitive data, and deletion of old or unused accounts. It also includes policy advice, such as maintaining a data storage map so that companies know where sensitive data resides, and properly auditing vendors’ information security practices.
Importantly, two of the nine recommendations focus on responding to data security incidents. This highlights that incident response is an integral part of a comprehensive data security program. The guide aims to inform companies of some of the key elements required in a data breach investigation by the New York Attorney General’s Office.
By including practical examples, the Attorney General provides a clear list of features that every data security program should address. This guide is intended to assist businesses in developing effective data security programs, as well as helping them respond to incidents that compromise their data security.