What’s in your file cabinet right now? Tax records? Payroll information? And what’s on your computer system? Financial data from your suppliers? Credit card numbers from customers? To business owners, these documents are a daily part of doing business, but in the hands of an identity thief, they’re tools for draining bank accounts, opening bogus lines of credit and going on shopping sprees at the expense of your company, employees and customers.
Many security breaches can be prevented by common sense measures that cost companies next to nothing. That’s why the Federal Trade Commission (FTC) has published Protecting Personal Information: A Guide for Business, a handbook with practical tips about securing sensitive data. The specifics depend on the size of your company and the kind of information you have, but the basic principles remain the same. Whether you work for a multinational powerhouse with branches around the world or a start-up based in a home office, a sound information security plan is built on these five key practices:
- Take stock. Know what personal information you have in your files and on your computer. Understand how personal information moves into, through and out of your business and who has access — or could have access to it.
- Scale down. Keep only what you need. If you don’t have a legitimate business reason to have sensitive information in your files or on your computer, don’t keep it.
- Lock it. Protect the information you keep. Be cognizant of physical security, electronic security, employee training, and the practices of your contractors and affiliates.
- Shred it. Properly dispose of what you don’t need. Make sure papers containing personal information are shredded so they can’t be reconstructed by an identity thief.
- Plan ahead. Draft a plan to respond to security breaches. Designate a senior member of your team to create an action plan before something happens.
Download a copy of Protecting Personal Information: A Guide for Business at www.ftc.gov/infosecurity. Share the handbook with your IT manager, human resources department, sales staff and anyone else who comes in contact with customer or employee information.
Protecting personal information will help keep your employees, customers and vendors safe from identity thieves and maintain the reputation of our company. For more information and resources visit www.ftc.gov/infosecurity.