New York Attorney General Letitia James recently published a guide to help companies in preparing their data security programs and responding to data security incidents. The security program recommendations are paired with highlights from recent investigations by the Attorney General that provide valuable insights into what the Attorney General views as data security pitfalls that should be remedied.
The guide contains nine items the AG recommends including in data security programs. These include security measures like use of multifactor authentication and complex passwords, encryption of sensitive data, and deletion of old or unused accounts. It also includes policy advice like maintaining a data storage map so companies know where sensitive data is located, and proper auditing of vendor information security practices.
