Directive Can Ensure Your Business Follows the New York SHIELD Act

Not long ago, we shared some information about the New York SHIELD Act—Stop Hacks and Improve Electronic Data Security—and what it has changed in terms of business cybersecurity preparedness across the board. This time, we wanted to discuss all that we’ll do to ensure that your business remains compliant with this relatively new law.

What Does the New York SHIELD Act Require—A Review

While we’ve covered this in greater detail already, the SHIELD Act establishes a few key things. With more inclusive and clear definitions of private information and breaches, a wider net as to who the law covers, and more strict requirements placed on businesses, the SHIELD Act effectively provides a framework for those businesses that use or retain information on a New York state resident to follow. 

Using this framework, a business can not only be better prepared to resist a cyberattack, but also have guidance for how they are to conduct themselves should their security fail.

Of course, we don’t want this to happen.

Let’s go over a few of the ways that we can, as the law says, help you stop hacks and improve your electronic data security.

How New York Businesses Can Follow the SHIELD Act:

Ensure All Other Regulatory Standards Are Upheld

It may sound odd, but if your business is beholden to existing regulatory standards, maintaining these requirements helps to ensure that you are also compliant to the SHIELD Act. This includes HIPAA and HITECH (the Health Insurance Portability and Accountability Act and Health Information Technology for Economic and Clinical Health Act, respectively), as well as the  Gramm-Leach-Bliley Act.

Encrypt Your Data

While this won’t do much to keep your company out of hot water—you’ll still have experienced a data breach, after all—encrypting your data will help keep anything an attacker gets that much safer. How so?

Well, tell me if you can read this:

“4SxqNsI9t3PT3augmUrnyFgzxiCaWOIdLsKbYlsqZXxWMPeRM3WGgH0phtvMK28XYC2Rc1uYRnVod7Ds0mkUgKOo9bAv3vj9wkVBZhVfryk=”

No? Well, that’s the point. 

By encrypting data, you scramble it to be completely illegible. As that line reads after it is decrypted, “By scrambling your data, encryption helps to protect it from unwanted eyes.” 

In essence, encryption helps to protect your data by rendering it effectively useless to whomever steals it.

Put Various Safeguards in Place

Security requires a comprehensive approach, meaning that there are various precautions you need to take in order to sufficiently protect your business. Your business needs to have concrete processes in place at every level—administrative, technical, and physical—in order to identify and eliminate the various threats that put your business at risk.

Don’t Risk Noncompliance to the SHIELD Act

Directive is here to assist with all of your IT needs, including where your business’ compliance is involved. Reach out to us to learn more about how we can help by calling 607.433.2200.