Most businesses store sensitive information in their files, such as names, social security numbers and credit card numbers. This information is kept to identify customers and employees. It’s also necessary for completing certain tasks, such as filling orders, issuing paychecks and handling tax matters.
The problem with storing vulnerable information is that it can get into the wrong hands. A security breach can quickly take a toll on your business, leading to lost trust, a damaged reputation and costly lawsuits.
At Arkware, we highly recommend not storing sensitive information like SSNs and credit credit numbers unless absolutely necessary. If you feel that keeping this information on file is required to do business, we strongly encourage encryption.
Below are four principles that the FTC recommends following when building a strong digital data security plan.
1. Know what information you have on your computers.
The first thing is to know what information your business currently has on file. Inventory everything in your workplace: computers, laptops, mobile devices, flash drives, digital copiers, etc. Anything that holds sensitive data should be checked.
Once this is complete, it’s also important to assess what information is coming to you and what you’re doing with it. For example, who sends personal information your way? How is this information received? Who has access to this information?
2. Keep only the information your business needs.
When you know what you have, you can scale down. Chances are, you don’t need everything you have in your possession, so why be liable for it? If you must collect personal information, keep it only for as long as you need it. Here are a few tips to keep in mind.
- Don’t keep credit card information unless you need it
- Use SSNs only for required and lawful purposes
- Allow mobile apps to access limited data and functionality
- Give employees the least amount of information they need to do their jobs
3. Encrypt all sensitive information.
Everyone in your workplace should follow good security practices – not just your IT staff. Make sure employees are properly trained as well. Encryption is one of the best ways to protect sensitive data, as it allows only authorized users to access it. Other steps you can take include:
- Logging off computers at the end of each day
- Running anti-malware programs on individual computers and servers
- Restricting employees’ ability to download software
- Not storing sensitive information on computers without a secure connection
4. Dispose of what you don’t need.
Identity thieves can do a lot of damage with a small amount of information. All sensitive information should be disposed of when you no longer need it. There is no reason to keep this data and be at risk for a devastating security breach. When disposing of information, be sure you follow the best practices. For example, erase computers using a wipe utility program. Shred, burn or pulverize paper documents.
Security breaches happen all the time. Don’t let you business fall victim to one. If you feel that your clients’ personal information is critical to your business, make sure the data is encrypted. Contact Arkware to learn more on data encryption solutions.