Business data theft prevention

For Small Businesses:

  1. Keep Only What You Need.  Reduce the volume of information you collect and retain to only what is necessary. Minimize the places you store personal data. Know what you keep and where you keep it.
  2. Destroy Before Disposal.  Cross-cut shred paper files before disposing of private information. Also destroy CDs, DVDs, and other portable media. Deleting files or reformatting hard drives does not erase data. Instead, use software designed to permanently wipe the drive, or physically destroy it.
  3. Safeguard Data.  Lock physical records in a secure location. Restrict access to employees who need to retrieve private data. Conduct employee background checks and never give access to temporary employees or vendors.
  4. Safeguard Data Privacy.  Employees must understand that your privacy policy is a pledge to your customers that you will protect their information. Data should only be used in ways that will keep customer identity and the confidentiality of information secure. Of course, your employees and organizations must conform to all applicable laws and regulations.
  5. Update Procedures.  Do not use Social Security numbers as employee IDs or client account numbers. If you do so, develop another ID system now.
  6. Establish Password Management.  A password policy should be established for all employees or temporary workers who will access corporate resources. In general, password complexity should be established according to the job functions and data security requirements. Passwords should never be shared.
  7. Secure All Computers.  Implement password protection and require re-login after a period of inactivity. Train employees to never leave laptops or PDAs unattended. Restrict teleworking to company-owned computers and require the use of robust passwords that are changed regularly.
  8. Control the Use of Computers.  Restrict how employees may use business computers. Don't permit the use of peer-to-peer file-sharing websites. Block access to inappropriate websites and prohibit the use of unapproved software.
  9. Keep Security Software Up-To-Date.  Keep security patches for your computers up to date. Use firewalls, anti-virus, and spyware software; update virus and spyware definitions daily.
  10. Encrypt Data Transmission.  Mandate encryption of all data transmissions. Avoid using Wi-Fi networks; they may permit the interception of data.
  11. Manage the Use of Portable Media.  Portable media, such as DVDs, CDs, and USB "flash drives," are more susceptible to loss or theft. Allow only encrypted data to be downloaded to portable storage devices.
  12. Establish an Approval Process for Employee-Owned Mobile Devices.  With the increased capabilities of consumer devices, such as smartphones and tablets, it has become easy to interconnect these devices to company applications and infrastructure. The use of these devices to interconnect to company email, calendaring and other services can blur the lines between company controls and consumer controls. Employees who request and are approved to have access to company information via their personal devices should understand and accept the limitations and controls imposed.
  13. Govern Internet Usage.  Most people use the internet without a thought to the harm that can ensue. Employee misuse of the internet can place your company in an awkward, or even illegal, position. Establishing limits on employee internet usage in the workplace may help avoid these situations. Every organization should decide how employees can and should access the web. You want employees to be productive, and this may be the main concern for limiting internet usage, but security concerns should also dictate how internet guidelines are formulated.
  14. Manage Email Usage.  Many data breaches are the result of employee misuse of email, which can lead to the loss or theft of data and the accidental downloading of viruses or other malware. Clear standards should be established regarding the use of email, message content, encryption, and file retention.
  15. Govern Social Media.  All users of social media need to be aware of the risks associated with social media networking. A strong social media policy is crucial for any business that seeks to use social networking to promote its activities and communicate with its customers. Active governance can help ensure employees speak within the parameters set by their company and follow data privacy best practices.
  16. Oversee Software Copyright and Licensing.  There are many good reasons for employees to comply with software copyright and licensing agreements. Organizations are obliged to adhere to the terms of software usage agreements and employees should be made aware of any usage restrictions. Also, employees should not download and use software that has not been reviewed and approved by the company.
  17. Report Security Incidents.  A procedure should be in place for employees or contractors to report malware in the event it is inadvertently imported. All employees should know how to report malware incidents and what steps to take to help mitigate damage.

How Data Breaches Occur

  • Lost or stolen laptops, computers, or other computer storage devices
  • Backup tapes lost in transit because they were not sent either electronically or with a qualified human escort
  • Hackers breaking into systems
  • Employees stealing information or allowing access to information
  • Information bought by a fake business
  • Poor business practices - for example sending postcards with Social Security numbers on them
  • Internal security failures
  • Viruses, Trojan Horses and computer security loopholes
  • Information tossed into dumpsters - improper disposal of information
