Dresner Group Blog
Dresner Examines Maryland Notification Law
In the past few months, Maryland Attorney General Brian Frosh has made quite a few moves in support of increased cybersecurity and the public’s awareness of it. Regardless of your opinion of his other policies, this demonstrated commitment to the public’s cybersecurity is a good thing to have in an attorney general, and the same commitment should be perceptible in your business’ operations.
It is little wonder that Frosh places such high urgency on cybersecurity - as the attorney general, he is the de facto chair of the Maryland Cybersecurity Council. This council assembles lawmakers, cybersecurity professionals and academics, as well as representatives for businesses at large, with the directive of improving cybersecurity. The council frequently works with NIST (the National Institute of Standards and Technology) and others to accomplish its goals.
What Is Being Done for Maryland’s Cybersecurity
In his role, AG Frosh has kept the population of Maryland updated on recent security events and breaches, and has advocated for the improvement of the state’s current cybersecurity standards. This past June, he teamed up with 21 other attorneys general to ask Congress to invest in improved election security, especially after the confirmation that foreign actors had breached election systems in Florida and installed malware in the software used in North Carolina.
Maryland has also passed and updated numerous pieces of legislation to help protect individuals and their data:
The Maryland Personal Information Protection Act (MPIPA)
This act was passed to help protect consumers from data breaches, and to assist them in protecting themselves should their information be compromised. It requires a business that experiences a breach to notify their customers within 45 days, unless a law enforcement agency specifically asks them to hold off, or if they are actively investigating the extent of the breach. These businesses must also reach out to the Maryland Office of the Attorney General with information about the breach, what information was accessed, and what is being done to reinforce the system.
The Maryland Consumer Protection Act
The Consumer Protection Act, or the CPA, is intended to protect consumers from bad business practices. One example - except in certain cases where such information would need to be retained (like for delivery purposes), a business cannot record a customer’s address or telephone number. Another - a business is prohibited from recording a customer’s account numbers when that customer is paying by check.
Another bill, Senate Bill 490, was meant to prohibit the practice of swiping an identification or payment card for the express purpose of collecting personal information. However, it was given an unfavorable report, and will likely see some revisions before it reemerges.
What You Can Do to Protect Client Data
I want you to put yourself in your prospective clients’ shoes for a moment… would you rather do business with a company that followed the letter of the law to protect your interests, or a company that met the standards and regulations set upon them... and then went above and beyond regarding the security of your data and information?
If you’re worried about your data ending up on the dark web, I know which one I’d prefer to work with.
This above-and-beyond approach is one that helps to minimize damage, rather than helping to patch things up after the fact. Let’s say a user accidentally downloads a ransomware infection to their workstation. While this would typically spread across the network and create a veritable disaster for your business, our first step is to isolate the infected computer.
Our team will make sure you’re covered by centralized antivirus and antimalware solutions, such as with a UTM. Not only is your business protected, but a centralized solution is also much easier to manage than one on each workstation.
We leverage firewall solutions, because if a threat can’t get into the network, it isn’t something you need to worry about.
Your email is critical to your continued operations, so we’ll protect it from threats like phishing and spam to preserve your productivity.
It’s important to train your team on security measures, because each of your employees and their work computers could potentially pose a very real threat to your data security. While we can mitigate intrusions via encryption, having a well-trained team is invaluable and reduces the need for us to assist. Your team is your first line of defense: with them trained, data will be more difficult to steal, and even if it is stolen, our encryption makes it unreadable.
You want your business to be protected the way that the security professionals choose to protect their own interests. That’s what we offer through our comprehensive, tested, and proven security services.
To learn more, reach out to us and ask how we can keep your business and its data safe. Call Dresner Group today at 410-531-6727.