5 Occasions When Sensitive Data May Be Especially Vulnerable

  • September 8, 2016

Between regulators, hackers and careless employees, it’s almost impossible to number all your compliance and security risks, let alone proactively manage them to mitigate vulnerabilities.

Posts like our “Take the Headaches Out of Regulatory Compliance” and “5 Ways to Secure Your Company without Breaking Your Budget” offer some prudent and practical tips, as does a recent piece penned by attorney and data security/compliance expert Robert J. Munnelly, Jr., over at CorporateTechDecisions.com. In it, Munnelly describes occasions when sensitive customer or patient data may be more vulnerable than usual, and possibly require the assistance of outside security experts to help reduce risks.

#1: Regulatory Uncertainty. Keeping up with the tidal wave of data-security legislation can challenge even proactive, resource-rich organizations. It’s conceivable, then, that small- to medium-sized companies that handle government-protected personal or patient-related data may be unclear about which laws and rules they’re actually subject to. Clarifying and responding to state and federal requirements may justify seeking guidance from an IT Managed Services Provider (IT MSP) or other third-party specialist.

#2: Strategic Oversights. It’s not uncommon for companies to draft well-written information security plans but omit or gloss over essential non-IT components, such as: the handling and destruction of electronic and paper records, physical access and security gaps, and management of remote devices and smartphones. Providers with a broad range of security experience and expertise could provide essential insights to help round out your strategy or plan.

#3: Resource Limitations. It’s a familiar, sometimes heartbreaking story, especially for SMBs and family-owned companies: trying in vain to manage full-time security threats with limited or part-time resources. Specific challenges, Munnelly says, include: failing to purchase the right technologies; postponing or ignoring firewall maintenance and virus software updates; and not closely monitoring and managing Wi-Fi networks, server ports, copier hard drives, and laptop-disk encryption.

#4: Being Underinsured. In recent years, general liability insurance policies have squeezed data security-related losses out of their coverage, shifting them instead to cybersecurity policies. In the broader context of risk mitigation and management, it might make sense for your leadership team to work with a professional to fully understand the liabilities, benefits, terms, conditions and loss-claim procedures of both types of coverage.

#5: Risky Business. In recent years, hackers bent on stealing and selling sensitive information have shifted their efforts from targeting high-value businesses directly to focusing instead on attacking their professional service providers–law firms, in particular.

They may believe (perhaps rightly) that such companies are often behind the information security curve, and thus more vulnerable to network intrusion via malware, DDoS, Business Email Compromise (BEC) fraud, social engineering and other malicious attacks. If any of these potential vulnerabilities hits too close to home, contact TeamLogic IT today.

About

ITinflections is a blog that covers a wide range of technology-based articles on IT in the workplace, focusing on small- to medium-sized businesses.

If you’re looking to improve your company’s productivity through the effective use of technology, enjoy ITinflections, the blog about technology for business.