What Increasing Cyber Security Regulation Means for Your Business

Various U.S. government agencies have recently been stepping up their involvement in the regulation of data security. That means that if the data your company stores is breached, it may be subject to enforcement actions and fines from multiple regulatory agencies, depending on the nature of the affected data.

Here are the different regulators that are most involved in handling cyber security issues:

Securities and Exchange Commission (SEC)

  • The SEC has very specific rules about risk management and disclosure for financial firms, and it has issued a cyber security guide on that topic.
  • The SEC Office of Compliance Inspections and Examinations (OCIE) audits broker-dealers and investment advisors for cyber security risk preparedness, which means that your company needs to be prepared to meet the SEC security standards for financial industry clients.

Federal Trade Commission (FTC)

  • This agency is the foremost national regulator of privacy and cyber security issues across industries.
  • They focus not only on data storage and computing devices, but also on the information that is stored and transmitted via connected devices such as video cameras, GPS trackers and other appliances.

Federal Communications Commission (FCC)

  • This agency concentrates mainly on cyber breaches and privacy issues related to the telecommunications industry, so it’s important to be aware of their standards if you serve telecom customers.
  • They are notorious for heavily fining companies that do not protect their customers’ private information.

Health and Human Services Office for Civil Rights (HHS OCR)

  • The OCR’s particular concentration is on breaches of health care records. Since these have become more common, the agency is increasing enforcement actions against companies that are responsible for the loss of customer data.
  • If your company stores medical, health care or other patient information, you need to be aware of OCR regulations.

While these agencies will generally focus first on the companies responsible for their data, their investigations, enforcement and fines may encompass MSPs and other vendors who also bear data security liability.

As always, a Cyber Liability Insurance Policy is a good choice to minimize the financial impact to your company in the event of a cyber crime.

About MSPAlliance

Founded in 2000, MSPAlliance is the world’s largest community for managed service providers. Free membership gives you access to resources, research, and certification programs that help you build a mature, compliant, and trusted MSP business.
