Most companies keep sensitive information in their files, whether it's names, Social Security numbers, credit cards, or other account data that identifies customers or employees. Businesses often need this information to fill orders, meet payroll, or perform other business functions. But if the information falls into the wrong hands, it can lead to fraud or identity theft. The cost of a security breach can be measured in the loss of your customers' trust and perhaps even a lawsuit, which makes safeguarding personal information just plain good business.
Effective data security starts with an assessment: Taking stock of what information you have and who has access to it. Understanding how personal information moves into, through, and out of your business and who has -- or could have -- access to it is essential to figuring out your security vulnerabilities.
Scale Down. Keep only what you need for your business. If you don't have a legitimate business need for sensitive information, don't keep it. In fact, don't even collect it in the first place. And if you do have a legitimate business need for the information, keep it only as long as necessary.
What's the best way to protect information that you absolutely have to keep?
The answer really depends on the kind of information you're dealing with and how it's stored. The most effective data security plans deal with four important elements: physical security, electronic security, employee training, and the security practices of your contractors and service providers. Many data compromises happen the old-fashioned way-- through lost or stolen paper documents. So much of the time the best defense is a locked door or an alert employee. For more on how to get started protecting your own personal information, watch this instructional video from the FTC.
Hosted by ftc.gov
Creator's Site: www.ftc.gov
Curated By: tenebrism
