The initiative, entitled “Start with Security”, aims to assist businesses improve their data security practices based on lessons learned from the more than 50 data security cases brought by the FTC in recent years.

The guidance, which can be found here, outlines 10 specific lessons that “touch on vulnerabilities that could affect your company, along with practical guidance on how to reduce the risks they pose.” The lessons are as follows:

• Start with security;
• Control access to data sensibly;
• Require secure passwords and authentication;
• Store sensitive personal information securely and protect it during transmission;
• Segment your network and monitor who’s trying to get in and out;
• Secure remote access to your network;
• Apply sound security practices when developing new products;
• Make sure your service providers implement reasonable security measures;
• Put procedures in place to keep your security current and address vulnerabilities that may arise; and
• Secure paper, physical media, and devices

In conjunction with the release of its guidance document, the FTC also launched www.ftc.gov/datasecurity, a “one-stop website that consolidates the Commission’s data security information for businesses.” Furthermore, the FTC will also be conducting a series of conferences across the country geared toward start-ups and developers that will “provide information on security by design, common security vulnerabilities, strategies for secure development, and vulnerability response.”

Source: FTC.gov, 6/30/2015