As data theft continues to become a growing threat, Cintas Corp., an information-management firm, offers 10 tips for protecting business data.
The list provides small to mid-sized businesses with critical steps to ensure electronic and paper documents remain secure and out of the reach of fraudulent activity.
About nine million Americans have their identities stolen each year, according to the Federal Trade Commission. Data theft can cost consumers and businesses millions of dollars repairing the damage to their name and credit record.
The top 10 tips to ensure data privacy include:
- Implement a document management program
Identify the types of documents considered confidential and train co-workers on responsible information-handling practices. Restrict co-worker access to these documents and discourage printing of confidential data unless essential.
- Implement a document retention schedule
Identify the amount of time to retain specific documents. Store these documents in a secure place until the retention period expires. A secure place restricts access to co-workers who don't have a need to access such files. When the retention period is complete, have the documents shredded by a trusted and certified company.
- Regularly shred sensitive documents
To protect sensitive information, consider a shredding service that destroys business documents onsite on a scheduled basis. These companies place secure storage containers in easily accessible and identifiable locations to make it convenient for employees to shred documents. This limits opportunities for employees to make judgment calls on which documents should be shredded. If in doubt, shred.
- Keep documents securely offsite
In addition to outside hackers, valuable employee or customer data may also be compromised. To prevent an unauthorized co-worker from accessing data, keep non-essential documents offsite, further limiting potential access.
- Limit acquisition of confidential customer data
Review the type of customer data your business collects. Unless it is integral to the business transaction, avoid collection of information such as customers' social security, bank accounts or driver's license numbers. If the information needs to be gathered, restrict access to only those co-workers who need the information.
- Use password protection
Protect files that contain sensitive data, including payroll, customer and financial information with passwords. Make sure your co-workers change passwords on a quarterly basis at minimum with a combination of six to eight numbers and letters in upper and lower case to further the reduce the opportunity for passwords to be compromised.
- Install and update virus protection software
Virus protection software is the first step in preventing a worm or virus from distributing files or other stored information from a computer over the network. Make sure employees regularly check for software updates so computers are protected against the latest virus threats.
- Clear data before disposing of old computers
Even if a computer is no longer used, sensitive data is still available on the hard drive. Potential hackers or data thieves could prey on such data. Use software programs to wipe the data or identify a data destruction vendor that will physically destroy the hard drive.
- Review company credit card statements
Company credit card data can be compromised just as easily as consumer data. Before paying bills, make sure each employee has reviewed each item to prevent unauthorized charges. If unauthorized charges occur, be sure to notify your credit card company all three credit bureaus to protect your credit.
- Limit use of file sharing programs
While an effective way to collaborate and share documents, file sharing programs can also expose a computer to hackers. If they must be used, make sure the system is protected by strong firewall and virus protection software that is regularly updated.
“As identity theft continues to grow, it is important to guard against potential risks so valuable customer data is consistently protected,” said Richard Kraus, Six Sigma Black Belt manager of Cintas. “Data Privacy Day is an opportunity for businesses to review their current document management programs and make sure they have the best practices in place to protect company, employee and customer data.”