The federal government is urging companies to protect sensitive personal information from hackers who want to steal it.
The guidance, which was released Monday, urges companies to “take appropriate measures to mitigate the risk that your personal information may be accessed by a third party.”
It also says companies should make sure they have a “robust backup plan” and “assist you in determining whether your data has been compromised.”
The guidance came from the Department of Homeland Security, which said it is working with businesses to “develop policies, processes and tools to help businesses manage their personal information.”
Hackers who seek to steal data from companies are known to break in through companies’ websites, including those of social media companies and credit reporting agencies.
Companies are not required to protect their data against those attacks, but the guidance suggests companies should be prepared to do so.
While the guidance says that “the FBI’s criminal investigations have identified no evidence that individuals engaged in cybercrime directly or indirectly through the use of social networking sites or other platforms,” it notes that “an increasing number of criminal investigations, investigations and prosecutions involve cyber-enabled criminal activity.”
The government recommends that companies use “strong encryption, including strong authentication measures.”
It also urges companies “to maintain sufficient capacity and to mitigate against potential loss or theft of sensitive data.”
The document also says that businesses should “make sure their personal data is secure by securing it with a strong password, password manager or other authentication method.”
It is not immediately clear how much the government expects companies to pay in damages.
Hackers often look to take personal information when they break into networks, frequently for the purpose of stealing credit card information.
But the guidance says companies are not legally required to pay for damage caused by the attacks.