Data security is a challenge faced by every business today. A 2012 survey of 2,100 businesses conducted by Applied Research revealed that 74 percent of the businesses surveyed were affected by cyber attacks in the past 12 months. Sixty-two percent indicated that they had lost at least one mobile device in the last 12 months and 100 percent admitted that at least some of their lost devices had no password protection. Confidential data had been lost in the last 12 months by 42 percent of the businesses surveyed. Most businesses, large or small, are aware of the threats to their data security, whether from viruses, hackers or their own internal employees. Consider these simple practices to help protect your sensitive data:
- Keep sensitive data out of unauthorized reach – Put away files to keep sensitive information away from bystanders and other prying eyes at the office or in public areas where you may be working. Be alert to who could be looking at your computer screen or work materials. Don’t leave sensitive data unattended, even for a short time.
- Lock up sensitive data – Lock cabinets, file rooms or other areas that store files containing private data about customers, clients, patients, accounts and employees.
- Restrict access to data – Allow access only to those who have a need to know sensitive information, whether physical or electronic. Put written procedures in place defining who has access to restricted information.
- Determine what information is necessary – Collect and keep only the data that is absolutely necessary. Collecting excessive personal information, such as Social Security numbers you do not need, can be more of a liability than an asset.
And for dealing with technology:
- Limit the use of portable technology – Restrict the transfer of sensitive information from on-premises computers to portable devices, such as cell phones, laptops and USB flash drives. If it is necessary to put confidential data on these devices, make sure information is encrypted and password-protected.
- Utilize password protection and encryption – Always encrypt sensitive information. Inexpensive or even free encryption technologies are readily available.
- Install anti-virus, anti-spyware and firewalls – Run all systems with the most recent enterprise-level anti-virus, anti-spyware and anti-malware applications. Use firewalls to control access to the Internet and to lock out hackers.
- Properly dispose of technology hardware – Implement policies on how to securely destroy old computers, disks, tapes, copy machines, fax machines, printers, scanners, CDs, memory devices and other equipment that may contain sensitive information.