Successful Startup 101 Magazine - Issue 5 Page 6
* Use strong pass words and change frequently.
Personal data security begins with knowing what information you have and who has access to it. Reviewing how the information flows through your business, who has, or could have access to it is very good place to start. This can be accomplished by an inventory of computer, laptops, mobile devices, flash drives, disk and any other equipment you have that stores sensitive data. Once the inventory is complete, you may have an idea how you can effectually scale down who knows what; the fewer people who have access to client's personal information, the better.
If your business does not have a legitimate need for storing sensitive personal information, don't keep or collect it.
The laws says Social Security numbers can only be used for lawful purposes, and you may be required by law to truncate the electronically printed credit or debit card receipts you give your customers. It is a good idea to check the default settings on your software that reads customers credit card numbers or processes the transaction. If it is preset to keep the information permanently change the settings to make sure your are not keeping the information longer than you need. It is your responsibility to understand the vulnerabilities of your computer system. If you are not an IT expert, thoroughly screen IT companies and hire the best fit for your company.
If your employees use laptops computer, restrict the use of laptops to only those employees who need them to perform their jobs; required laptops be stored in a secure place-under lock and key when not in use. Determine which employee really needs personal or sensitive information stored in their laptop. If they don't, delete it with a "wiping" program.
Information can all so be protected by requiring the use of a smart card: thumb print or other biometric, as well as a password to access your computer system.
While we are on the subject, you might what to check on the companies that have YOUR information or that of your company to protect yourself.
When a customer or client trusts their personal information to you, obviously you have a responsibility to take every step necessary to protect it. Additional resources in this subject are:
* Federal Trace Commission (FTC) at https://www.ftc.gov.
* National Institute of Standards and Technology (NIST) at www.csrc.nist.gov
* SysAdmin, Audit, Network, Security) Institute at www.sans.org/top-cyber-security-risks