Five Key Principles of a Sound Data Security Plan

Monday, February 8th, 2010

1. Take Stock. Know what personal information you have in your files and on your computers.

Effective data security starts with assessing what information you have and identifying who has access to it. Understanding how personal information moves into, through, and out of your business and who has—or could have—access to it is essential to assessing security vulnerabilities. You can determine the best ways to secure the information only after you’ve traced how it flows.

2. Scale Down. Keep only what you need for your business.

If you don’t have a legitimate business need for sensitive personally identifying information, don’t keep it. In fact, don’t even collect it. If you have a legitimate business need for the information, keep it only as long as it’s necessary.

3. Lock It. Protect the information that you keep.

What’s the best way to protect the sensitive personally identifying information you need to keep? It depends on the kind of information and how it’s stored. The most effective data security plans deal with four key elements: physical security, electronic security, employee training, and the security practices of contractors and service providers.

4. Pitch It. Properly dispose of what you no longer need.

What looks like a sack of trash to you can be a gold mine for an identity thief. Leaving credit card receipts or papers or CDs with personally identifying information in a dumpster facilitates fraud and exposes consumers to the risk of identity theft. By properly disposing of sensitive information, you ensure that it cannot be read or reconstructed.

5. Plan Ahead. Create a plan to respond to security incidents.

Taking steps to protect data in your possession can go a long way toward preventing a security breach. Nevertheless, breaches can happen. Have a plan in place to respond to security incidents. Designate a senior member of your staff to coordinate and implement the response plan. If a computer is compromised, disconnect it immediately from the internet.

What are YOU doing to protect data security at your company? Post a comment on our blog sharing one of your techniques by the end of day Friday, February 12th, 2010 and be entered into a drawing to win a $25.00 Starbucks gift card. Share this blog with your friends so we can get their ideas as well!