Most companies keep sensitive personal information in their files—names, Social Security numbers, credit card, or other account data—that identifies customers or employees. This information often is necessary to fill orders, meet payroll, or perform other necessary business functions. However, if sensitive data falls into the wrong hands, it can lead to fraud, identity theft, or similar harms. Given the cost of a security breach—losing your customers’ trust and perhaps even defending yourself against a lawsuit—safeguarding personal information is just plain good business. Some businesses may have the expertise in-house to implement an appropriate plan. Others may find it helpful to hire a contractor. Regardless of the size—or nature—of your business, the principles in this brochure will go a long way toward helping you keep data secure. A sound data security plan is built on 5 key principles:
1. TAKE STOCK. Know what personal information you have in your files and on your computers.

Effective data security starts with assessing what information you have and identifying who has access to it. Understanding how personal information moves into, through, and out of your business and who has—or could have—access to it is essential to assessing security vulnerabilities. You can determine the best ways to secure the information only after you’ve traced how it flows. To find out more, visit business.ftc.gov/privacy-and-security.

2. SCALE DOWN. Keep only what you need for your business.

If you don’t have a legitimate business need for sensitive personally identifying information, don’t keep it. In fact, don’t even collect it. If you have a legitimate business need for the information, keep it only as long as it’s necessary.
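One way to put principles 1 and 2 into practice is a small data-discovery script that inventories where Social Security and payment card numbers sit in your files and flags files that have outlived a retention window. The example below is added here and is not code from the FTC brochure; the file names, contents, dates and the one-year retention window are constructed assumptions, and the patterns only catch the two identifier formats shown.

```python
"""Data-discovery and retention check: an added example, not FTC brochure code.

Looks for two identifier formats the brochure names (Social Security numbers
and payment card numbers) and flags files holding them past a retention
window. File paths, contents, dates and the retention window are constructed
assumptions for this example.
"""
import re
from datetime import date, timedelta

# nnn-nn-nnnn; this catches the hyphenated format only (assumption).
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")
# 13 to 19 digits, optionally separated by single spaces or hyphens.
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")


def luhn_ok(digits):
    """Luhn checksum used by payment card numbers; filters out plain numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_ssns(text):
    """Return every hyphenated SSN-shaped string in the text."""
    return SSN_RE.findall(text)


def find_cards(text):
    """Return digit strings that look like card numbers and pass Luhn."""
    hits = []
    for match in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", match.group())
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            hits.append(digits)
    return hits


def inventory(files, today, retention_days):
    """files maps path -> (text, last_modified date). Returns one dict per file
    with counts of each identifier, the file's age and a recommended action."""
    report = []
    for path, (text, modified) in sorted(files.items()):
        ssns = find_ssns(text)
        cards = find_cards(text)
        age_days = (today - modified).days
        if not ssns and not cards:
            action = "no sensitive data found"
        elif age_days > retention_days:
            action = "review: past retention window, dispose or document the business need"
        else:
            action = "keep: within retention window, restrict access"
        report.append({"path": path, "ssn": len(ssns), "card": len(cards),
                       "age_days": age_days, "action": action})
    return report


# Constructed sample files standing in for a directory walk; the SSNs and
# card number are well-known test values, not real identifiers.
TODAY = date(2024, 6, 1)
RETENTION_DAYS = 365
SAMPLE_FILES = {
    "hr/payroll-2024.csv": (
        "name,ssn\nAlice Example,123-45-6789\nBob Example,987-65-4321\n",
        TODAY - timedelta(days=30)),
    "sales/orders-2019.txt": (
        # the order id fails Luhn, the card number passes it
        "Order 1234 5678 9012 3456 paid with card 4111 1111 1111 1111\n",
        TODAY - timedelta(days=1700)),
    "marketing/newsletter.txt": (
        "Spring newsletter draft, no customer data.\n",
        TODAY - timedelta(days=400)),
}

if __name__ == "__main__":
    for row in inventory(SAMPLE_FILES, TODAY, RETENTION_DAYS):
        print(f"{row['path']}: ssn={row['ssn']} card={row['card']} "
              f"age={row['age_days']}d -> {row['action']}")
```

Run as-is it prints one line per sample file. To use it on a real file share you would replace SAMPLE_FILES with the result of walking directories (os.walk) and reading text files, and treat each hit as a lead for a person to confirm: pattern matching misses unformatted or unusually formatted numbers, and a Luhn-valid string can occur by chance, so the report is an inventory to review, not proof.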
If you must keep information for business reasons or to comply with the law, develop a written records retention policy to identify what information must be kept, how to secure it, how long to keep it, and how to dispose of it securely when you no longer need it.

3. LOCK IT. Protect the information that you keep.

What’s the best way to protect the sensitive personally identifying information you need to keep? It depends on the kind of information and how it’s stored. The most effective data security plans deal with four key elements: physical security, electronic security, employee training, and the security practices of contractors and service providers.

Physical Security

Many data compromises happen the old-fashioned way—through lost or stolen paper documents. Often, the best defense is a locked door or an alert employee.
Electronic Security

Computer security isn’t just the realm of your IT staff. Make it your business to understand the vulnerabilities of your computer system, and follow the advice of experts in the field.

General Network Security
SECURITY CHECK
Question: But once we receive it, we decrypt it and email it over the internet to our branch offices in regular text. Is there a safer practice?
Answer:

Authentication
Laptop Security
Firewalls
Wireless and Remote Access
Digital Copiers

Your information security plan should cover the digital copiers your company uses. The hard drive in a digital copier stores data about the documents it copies, prints, scans, faxes, or emails. If you don’t take steps to protect that data, it can be stolen from the hard drive, either by remote access or by extraction once the drive has been removed. Here are some tips about safeguards for sensitive data stored on the hard drives of digital copiers:
To find out more, read Copier Data Security: A Guide for Businesses.

Detecting Breaches
Protect your systems by keeping software updated and conducting periodic security reviews for your network. Bookmark the websites of groups like the Open Web Application Security Project, www.owasp.org, or SANS (SysAdmin, Audit, Network, Security) Institute’s The Top Cyber Security Risks, www.sans.org/top20, for up-to-date information on the latest threats—and fixes. And check with your software vendors for patches that address new vulnerabilities. For more tips on keeping sensitive data secure, read Start with Security: A Guide for Business.

Employee Training

Your data security plan may look great on paper, but it’s only as strong as the employees who implement it. Take time to explain the rules to your staff, and train them to spot security vulnerabilities. Periodic training emphasizes the importance you place on meaningful data security practices. A well-trained workforce is the best defense against identity theft and data breaches.
Security Practices of Contractors and Service Providers

Your company’s security practices depend on the people who implement them, including contractors and service providers.
4. PITCH IT. Properly dispose of what you no longer need.

What looks like a sack of trash to you can be a gold mine for an identity thief. Leaving credit card receipts or papers or CDs with personally identifying information in a dumpster facilitates fraud and exposes consumers to the risk of identity theft. By properly disposing of sensitive information, you ensure that it cannot be read or reconstructed.
5. PLAN AHEAD. Create a plan for responding to security incidents.

Taking steps to protect data in your possession can go a long way toward preventing a security breach. Nevertheless, breaches can happen. Here’s how you can reduce the impact on your business, your employees, and your customers:
Additional Resources

These websites and publications have more information on securing sensitive data:
- Start with Security
- National Institute of Standards and Technology (NIST)
- SANS (SysAdmin, Audit, Network, Security) Institute
- United States Computer Emergency Readiness Team (US-CERT)
- OnGuard Online
- Small Business Administration
- Better Business Bureau

The FTC works to prevent fraudulent, deceptive and unfair business practices in the marketplace and to provide information to help consumers spot, stop and avoid them. To file a complaint or get free information on consumer issues, visit ftc.gov or call toll-free, 1-877-FTC-HELP (1-877-382-4357); TTY: 1-866-653-4261. Watch a video, How to File a Complaint, at ftc.gov/video to learn more. The FTC enters consumer complaints into the Consumer Sentinel Network, a secure online database and investigative tool used by hundreds of civil and criminal law enforcement agencies in the U.S. and abroad.

Opportunity to Comment

The National Small Business Ombudsman and 10 Regional Fairness Boards collect comments from small businesses about federal compliance and enforcement activities. Each year, the Ombudsman evaluates the conduct of these activities and rates each agency’s responsiveness to small businesses. Small businesses can comment to the Ombudsman without fear of reprisal. To comment, call toll-free 1-888-REGFAIR (1-888-734-3247) or go to www.sba.gov/ombudsman.

FEDERAL TRADE COMMISSION

Question: What do we call a mathematical model that predicts which job candidates are most likely to be high performers after being hired?
Answer: Predictive analytics is an upcoming trend in Human Resources (HR). Recruitment tools predict high performers, and increasingly companies are able to predict which employee is likely to leave. In this article, we will explain what HR predictive analytics are and how they can be a real game-changer for HR departments.
Question: What is the primary purpose of an applicant tracking system?
Answer: An applicant tracking system (ATS) helps companies organize and track candidates for hiring and recruitment purposes. These systems allow businesses to collect information, organize prospects based on experience and skill set, and filter applicants. More than 90% of Fortune 500 companies are currently using an ATS.

Question: Which of the following refers to company records that show the present performance and promotability of inside candidates for the most important positions?
Answer: A company's records showing the present performance and promotability of inside candidates for the most important positions are kept in a personnel replacement chart. This chart helps to analyze the suitability of the employees within the organization.

Question: Which one of the following terms refers to the use of nontraditional recruitment sources? A) negligent hiring B) personnel planning C) human resource management D) alternative staffing
Answer: D
Explanation: D) Alternative staffing refers to the use of nontraditional recruitment sources.