A settlement between the Federal Trade Commission (FTC) and computer vendor Asus shows employers one way to stay on the feds’ good side – act quickly when you receive vulnerability reports.
According to the complaint, Asus misrepresented its security policies, and failed to act on vulnerability reports quickly.
Delayed notification
Specifically, the FTC alleges that Asus took too long to address reported vulnerabilities and notify its customers that the flaws could lead to cyberattacks.
That delay was a key factor in the company’s poor security practices, the FTC said. To settle the suit, Asus has agreed to implement a more thorough security program that fixes these issues, along with other steps.
To keep out of federal regulator’s crosshairs, be sure you have solid procedures to address vulnerabilities and notify consumers if those flaws could endanger their data security.