In light of all the media attention accorded to what happened at Home Depot (where hackers gained access through a small business subcontractor’s insecure site), Target, Sony, and other large companies, I thought it appropriate and timely to feature an article by Corey Rogan about protecting your business and personal information on company hardware and software. This article is insightful and informative. Enjoy – TCW
Part 1: Tips to Protect Personal Information for Businesses
Regardless of a business’s industry or size, it’s essential to safeguard all personal data in order to guard against data theft and security breaches. In this age, digital theft is an increasing problem. However, a business can take some solid steps to minimize the risks of data breaches and protect the sensitive information of customers and employees. In this two-part series, you can learn how to implement steps to protect the integrity of your business and manage your data effectively and securely.
Before you adopt a new plan or make big changes to the way you store and protect data, it’s best to carefully assess your current plan, assuming you have one. Find out where your vulnerabilities lie. You might have insecure printers associated with your network. You might have a lax password and login policy. You might invite a security consultant to your business, one who specializes in digital security. By finding out where your problems lie, you can create a better plan that minimizes your security risks.
When creating a new security plan, it’s important for businesses to inventory all items and who has access to them. Be sure to inventory all desktop computers, laptops, tablets, printers, and “digital copiers.” (1) You also need to know who uses each piece of equipment. This inventory can be quite extensive, particularly if you operate a large business. However, you need to understand exactly what sensitive data is stored on each type of equipment, who accesses it and why, and how you can best secure that information from theft.
Get Rid of Anything You Don’t Need
Data can be like clutter, so it needs to be managed carefully or it can get out of hand. Businesses should adopt a policy that instructs them to get rid of any data that is not essential. If you don’t keep sensitive data, you don’t have to worry about managing it for years to come. Talk to various departments and develop a plan for eliminating all but the most essential data from your network. In fact, “don’t keep customer credit card information unless you have a business need for it” (2), and if you do keep information, be sure you store it in a manner that complies with the laws regarding data storage.
Create an Incident Plan
During your security makeover, be sure to create a plan of action should a security breach occur. Many companies, even large corporations, have been caught like a deer in the headlights when a data theft occurs. Not having an immediate plan of action further erodes the integrity of the business and undermines its authority and its ability to maintain sensitive data. A good plan ensures that you can take immediate steps to remedy the situation after a data breach occurs.
1. TROY, “Check Disbursement Software,” http://www.troygroup.com/products/software/securecheckflow.aspx
2. Federal Trade Commission, “Protecting Personal Information: A Guide for Business,” http://www.business.ftc.gov/documents/bus69-protecting-personal-information-guide-business
Corey Rogan is an IT specialist and loves to go hiking, camping and traveling during his free time.