2018 GNYADA Membership Directory

• Maintain up-to-date firewalls, particularly if you use a broadband Internet connection or allow employees to connect to your network from home or other off-site locations; • Regularly ensure that ports not used for your business are closed; and • Promptly pass along information and instructions to employees regarding any new security risks or possible breaches. Use appropriate oversight or audit procedures to detect the improper disclosure or theft of customer information. It’s wise to: • Know the life cycle and path of information that comes into your network. Monitor for any irregularities which may indicate an intruder has gained access to your system; • Keep logs of activity on your network and monitor them for signs of irregular activity or unauthorized access to customer information; • Use an up-to-date intrusion detection system to alert you of attacks; • Monitor both in- and out-bound transfers of information for indications of a compromise, such as unexpectedly large amounts of data being transmitted from your system to an unknown user; • Insert dummy accounts into each of your customer lists and monitor the dummy accounts to detect any unauthorized contacts or changes; • Assess the vulnerability of your website and computer network to commonly known and reasonably foreseeable attacks, such as SQL injection attacks. Stress testing your system regularly by a security firm is a good practice to meet this requirement; • Implement simple, free or low-cost, and readily available security defenses to SQL and similar attacks; • Use readily available security measures to monitor and control connections from your network to the Internet; • Prevent users from downloading “P2P”file-sharing network software that can allow any network user to access other users’data servers; • Employ reasonable measures to detect unauthorized access to consumer information such as by keeping log events, paper file access records, and other records of persons accessing consumer information. Watch

117 2 0 1 8 MEMBERSHIP DIRECTORY Hot TOPICS

for changes in users’access behavior. If a user’s access to customer records increases unexpectedly, quickly find out why;

• Implement system procedures to preclude downloading of customer information to portable media such as USB drives or external hard drives. Ideally, customer information should remain on a server with read-only access on user devices;

Made with FlippingBook Annual report