As a Massachusetts-based company, the statistic released this week by the office of Attorney General, Martha Coakley, “Personal information from nearly one out of three Massachusetts residents, from names and addresses to medical histories, has been compromised through data theft or loss since the beginning of 2010,”are worth sharing.
As a company that offers endpoint security solutions, a story like this highlights the most vulnerable victim, the individual. Very often, consumers are at a higher risk of falling victim to identity theft when a data breach occurs because it is their personal information that has been compromised. The new law enacted in 2007 requires all companies doing business in Massachusetts to inform consumers and state regulators about security breaches that might result in identity theft. Beth Givens, director of Privacy Rights Clearinghouse in San Diego said “laws like the one in Massachusetts are the next best thing. They force companies to publicly acknowledge the problem and take action to upgrade their security policies.”
Coakley said companies must do more to protect the personal data in their files. “They need to be able to have up-to-date systems that both prevent a breach and identify breaches when they occur,’’ she said. Viewfinity is helping many companies update their security infrastructure by helping companies remove administrator rights to provide a fundamental layer endpoint protection. Without administrator rights, users cannot download/install/run applications that require admin rights, which often are gateways for viruses and malware to attack the system. For legitimate business applications, Viewfinity Privilege Management enables IT to manage the permissions needed for the end user so that they can still perform their daily job functions using only what they need for their job tasks. With protective measures like this in place, companies immediately realize the value of removing administrative privileges from end users and operating in a least privileges environment. Also, privilege management prevents the sharing of patient data, which helps with HIPAA compliance mandates.