At the Federal Trade Commission’s first “Start with Security” event recently held in California, the agency emphasized the importance of including data security considerations from the inception of any business.
Targeting tech startups and small- and medium-sized businesses, the FTC presented speakers and hosted panel discussions to explain that the concept of “security by design” is cheaper and easier in the long run, with Chairwoman Edith Ramirez recommending the use of encryption (particularly while data is in transit).
At least one individual should be identified as the person primarily accountable for data security, speakers said, with additional members added to the team depending on the size and technological needs of the company. Some panelists suggested that all engineers receive at least baseline training in security issues.
Data security is not static, attendees were told. Since a business’s needs will constantly evolve and change, companies must constantly monitor and tweak systems and policies, incorporate periodic testing, and identify and fix security vulnerabilities throughout the life cycle of the technology.
Taking advantage of the existing security community and third-party resources was also suggested, as was the implementation of “bug bounty” programs that reward those who report vulnerabilities. Such programs may be a challenge for small start-ups, but larger companies should consider creating incentives that would encourage employees to find security problems.
Why it matters: The FTC continues to flex its data security regulatory muscles in the wake of the Third Circuit Court of Appeals’ September decision that the agency has the power to enforce unfair or deceptive acts or practices in the corporate cybersecurity space. A second Start with Security event is slated for November in Texas.