A business collects personal data on employment applications. They may have customers’ credit card numbers on file. Every business has its own sensitive files – its bank account, EIN, fianacial information and more. Confidential information that is unprotected is a huge risk. It is estimated that financial fraud through identity thefts costs American businesses $56 billion annually. That’s right – that’s a “b” – billion. Here are 5 tips to keep data safe from the FTC based on their case.
- Endpoint Security. As the old saying goes, a chain is only as strong as its weakest link. That is particularly true with a company’s data. In the case of data, this may often be a computer with remote access. One of the company’s that advertises it keeps your identity safe, learned this when the FTC charged that Lifelock failed to put antivirus programs on computers used by employees for remote access to the network. Another weak link might be giving a client login information for a specific purpose. Their computers – if not properly secured – can open a portal to your business. Know what employees or other companies and entities are using remote access and take the necessary steps which could include encryption to make sure these computers are as safe for data as the ones in the office.
- Look at Your Contracts. If you are outsourcing part of your business to another company, put your security expectation in writing. Make them part of the contract. Your business can make adopting reasonable security precautions a condition for doing business.
- Know where Sensitive Documents are Stored and/or Used. In one case brought by the FTC, a former business owner stored consumer information in his garage. Lifelock was also tagged for faxing documents with consumer information in an open and accessible area. Data needs to stored securely and if it is being used precautions must be taken to keep it safe.
- Protect Data Movement. We’re talking about actual physical movement of data from one point to another. The FTC alleged that an employee of a health related company left information on 23,000 patients on a laptop in a locked car. The laptop was stolen. If you have to move information from one place to another, make sure someone keeps it both in sight – not left – and securely locked. If you need to mail a file, drive, disk, etc. make sure you use a mailing method with tracking.
- Dispose of Data Securely. It’s not trash. For example, the FTC alleged that CVS and Rite Aid tossed personal information – like prescriptions – in dumpsters. In another case, the FTC alleged that an employee sold surplus used hard drives. Unfortunately they contained personal information on approximately 34000 customers in text. Paper shredding companies that shred both paper and hard drives onsite could prevent this risk.Simply from the time your company gathers sensitive, confidential data until it is safe destroyed, it must be treated with extreme caution to avoid fraudulent use.