Attorney General Harris Unveils Cybersecurity Guide for California Businesses

The California Attorney General’s Office has announced the release of a new cybersecurity guide designed to help California businesses better protect against and respond to cybersecurity threats.  The guide provides a simple and easy to understand overview of basic security threats and outlines some practical steps for minimizing cyber vulnerabilities, including guidance on how to respond to cyber incidents. “California is at the center of the digital revolution that is changing the world. Because of work done by companies right here in our home state, we are more connected – and empowered – than ever before” said Attorney General Kamala D. Harris.  “But we are also increasingly vulnerable, a fact underscored by the recent holiday–period data breaches that impacted millions across the country.”

California has long been at forefront of cyber security advocacy and was the first state to pass a law mandating data breach notification.  In 2011, California established the eCrime Unit to prosecute identity theft, data intrusions, and crimes involving the use of technology.  In 2012, California established the Privacy Enforcement and Protection Unit in the Department of Justice, whose mission is to help to regulate and enforce laws addressing the collection, retention, disclosure, and destruction of private or sensitive information.  Continuing that tradition, Attorney General Harris, in collaboration with the California Chamber of Commerce and a mobile security company called Lookout, developed the guide titled, “Cybersecurity in the Golden State” (the “Guide”).

The purpose of the Guide is to specify ways that small and medium-size businesses can reduce cybersecurity risks.  To accommodate individuals who may not be tech-savvy, the Guide uses plain language to describe steps that any business can take to help protect itself, even if it lacks the resources to hire full-time cybersecurity personnel.

Key recommendations include:

  • Assume you’re a target and develop an incident response plan now;
  • Map your data and review where your business stores or shares information with third parties including backup storage and cloud computing;
  • Encrypt the data you need to keep. Strong encryption technology is now commonly available for free, and is generally easy to use;
  • Educate employees about cyber threats, as they are often the first line of defense;
  • Follow safe online practices such as regularly updating firewall and antivirus software on all devices, using strong passwords, and avoiding downloading software from unknown sources;

The issue of cyber security is increasingly important as the recent security breaches at Target and Niemen Marcus help to demonstrate.  According to data cited by the Attorney General’s Office, there were more than one billion cyberattacks in the first three months of 2013, a number that is likely to keep growing as hackers become more sophisticated and organized.  While the  recommendations contained in the Guide are not legally mandated, they do reflect security best practices that, if followed, have the potential to help mitigate the risk of cybersecurity attacks.

To obtain a copy of the “Cybersecurity in the Golden State” guide, click here.