Stay-at-Home Data Breaches / Remote Monthly Billing Fiasco Now Unfolding?: IAITAM

Now that major parts of the United States are under stay-at-home orders, unprepared corporations face a huge data control problem as they go into their first major billing cycle carried out by employees working at home, according to the International Association of IT Asset Managers (IAITAM).

Thousands of U.S. companies are relying on employees untrained in doing their jobs from home and using untracked equipment on insecure Wi-Fi connections. Not only are these companies putting their own data at risk, but they are also exposing sensitive data about their clients. Less than two weeks ago, the International Association of IT Asset Managers (IAITAM) issued a warning to organizations and government agencies, urging them to consider “nightmare data risks” before moving to work-from-home arrangements.

IAITAM is concerned that many employees working on home computers and other BYOD (bring your own device) equipment will be ill-equipped to handle sensitive data such as credit card numbers, foreshadowing imminent breaches of personally identifiable information (PII). Ensuring that policies and procedures are in place and enforced (including on a remote basis) is imperative to protecting data and the integrity of an organization.

Billing information always contains PII, which is subject to data privacy regulations. It is important to ensure that assets used at home abide by the internal policies and external regulations that govern billing information. For instance, Payment Card Industry (PCI) Data Security Standard compliance dictates that companies cannot track credit card numbers or duplicate them without appropriate masking. Under these terms, printing an invoice, or taking a credit card payment over the phone and writing it down, without redacting full account numbers could be considered a data breach.

Industry regulations for sectors such as education, finance or healthcare have separate considerations. Additionally, all businesses that handle data from European citizens are subject to GDPR enforcement and hefty non-compliance fines. It is advisable to consult with an experienced IT Asset Management professional, who can appropriately determine which data regulatory guidelines are at work and how to apply them properly.
