How to protect sensitive information in the organization
Most companies keep sensitive personal information in their files (names, Social Security numbers, credit card or other account data) that identifies customers or employees. This information is often necessary to fill orders, meet payroll, or perform other necessary business functions. However, if sensitive data falls into the wrong hands, it can lead to fraud, identity theft, or similar harms. Given the cost of a security breach (losing your customers' trust and perhaps even defending yourself against a lawsuit), safeguarding personal information is just plain good business.

A sound data security plan is built on 5 key principles:

1. Take stock. Know what personal information you have in your files and on your computers.
2. Scale down. Keep only what you need for your business.
3. Lock it. Protect the information that you keep.
4. Pitch it. Properly dispose of what you no longer need.
5. Plan ahead. Create a plan to respond to security incidents.

Use the checklists on the following pages to see how your company's practices measure up, and where changes are necessary.

1. Take stock. Know what personal information you have in your files and on your computers.

Effective data security starts with assessing what information you have and identifying who has access to it. Understanding how personal information moves into, through, and out of your business, and who has, or could have, access to it, is essential to assessing security vulnerabilities. You can determine the best ways to secure the information only after you've traced how it flows.
Track personal information through your business by talking with your sales department, information technology staff, human resources office, accounting personnel, and outside service providers. Get a complete picture of:
Different types of information present varying risks. Pay particular attention to how you keep personally identifying information: Social Security numbers, credit card or financial information, and other sensitive data. That's what thieves use most often to commit fraud or identity theft.

2. Scale down. Keep only what you need for your business.

If you don't have a legitimate business need for sensitive personally identifying information, don't keep it. In fact, don't even collect it. If you have a legitimate business need for the information, keep it only as long as it's necessary.
3. Lock it. Protect the information that you keep.

What's the best way to protect the sensitive personally identifying information you need to keep? It depends on the kind of information and how it's stored. The most effective data security plans deal with four key elements: physical security, electronic security, employee training, and the security practices of contractors and service providers.

Physical Security

Electronic Security

General Network Security
Password Management
Laptop Security
Firewalls
Wireless and Remote Access
Detecting Breaches
Employee Training
Security Practices of Contractors and Service Providers

Your company's security practices depend on the people who implement them, including contractors and service providers.
4. Pitch it. Properly dispose of what you no longer need.

What looks like a sack of trash to you can be a gold mine for an identity thief. Leaving credit card receipts, papers, or CDs with personally identifying information in a dumpster facilitates fraud and exposes consumers to the risk of identity theft. By properly disposing of sensitive information, you ensure that it cannot be read or reconstructed.
5. Plan ahead. Create a plan for responding to security incidents.

Taking steps to protect data in your possession can go a long way toward preventing a security breach. Nevertheless, breaches can happen. Here's how you can reduce the impact on your business, your employees, and your customers:
These websites and publications have more information on securing sensitive data:

- National Institute of Standards and Technology (NIST)'s Computer Security Resource Center, www.csrc.nist.gov
- NIST's Risk Management Guide for Information Technology Systems
- Department of Homeland Security's National Strategy to Secure Cyberspace (National_Cyberspace_Strategy.pdf)
- SANS (SysAdmin, Audit, Network, Security) Institute's Twenty Most Critical Internet Security Vulnerabilities
- United States Computer Emergency Readiness Team (US-CERT)
- Carnegie Mellon Software Engineering Institute's CERT Coordination Center
- Center for Internet Security (CIS)
- The Open Web Application Security Project
- Institute for Security Technology Studies
- OnGuard Online

How will you protect sensitive information?

How can I protect sensitive data?

Encryption is the most effective way to protect your data from unauthorized access. Encryption can be defined as transforming the data into an alternative format that can only be read by a person with access to a decryption key.

How can an organization best safeguard sensitive information?

10 Ways to Protect Sensitive Employee Information:

#1: Develop formal policies and procedures.
#2: Maintain records securely.
#3: Follow recordkeeping laws.
#4: Comply with state data privacy laws.
#5: Avoid using SSNs when possible.
#6: Restrict access.
#7: Keep an access log and monitor it.

Which best describes how we protect sensitive information and resources in your workplace?

To help protect sensitive employee information, develop effective data security controls, train employees and supervisors, and use proper record disposal practices.