Did you hear? Home Depot is the latest retailer to experience a data breach. Home Depot admitted that over 2,000 stores have been hacked and 60 million customers are expected to have been affected by the breach. Consumers are becoming leery of shopping, and with good reason. In the past year we have seen data breaches affect major retailers such as Target, Home Depot, and eBay. Even UPS and P.F. Chang’s, a well-known restaurant, have been victims. The banking industry is not immune either. JP Morgan recently announced it had been hacked. And perhaps the scariest is the hacking of www.healthcare.gov. It seems no individual or business is immune. But there are ways you can protect yourself and your business from a security breach. Here are 5 tips:
- Have Clearly Defined Policies & Procedures
It is very important to have clearly defined information security policies and procedures. Your business should designate a compliance officer whose responsibility it is to ensure that comprehensive policies and procedures exist, that employees are aware of the protocol, and that employees are regularly trained. It is the compliance officer’s job to keep records of all of this. It is critical that employees understand not only breach prevention protocol, but also what procedures should be followed if a breach is believed to have occurred. Employees should be trained on your data destruction policy, safeguards concerning business computer equipment, remote access of data, and protocol for bringing sensitive material, in electronic or paper form, outside the business. It is important that employees know what information is considered private, what should be shredded versus thrown away, and how to properly secure emails. For paper documents, it is a good idea to adopt a “shred everything, all the time, in the same manner” policy. This takes away the discretion and the burden from the employee of having to discern what is private or confidential.
- Be Cautious of Allowing Employees to Access Data Remotely or Take Devices Home
Many breaches occur as a result of allowing employees to access data remotely or to take laptops and other devices home. Devices such as tablets, smart phones, and laptops are typically not secure and can lead to serious data breaches. If you elect to allow employees to access your server or systems from their own devices, consider the data and privacy issues that can accompany it. Include protocol that addresses remote access and using devices to access company data in your policies and procedures.
- Be Aware of Where Your Most Sensitive Data Resides
Are your private information and trade secrets kept in paper form, in e-mail, on hard drives, or elsewhere? Understanding where your company’s most private and confidential information is kept can help you to prepare safeguards and procedures to respond in the event of a breach. Be especially careful with client or patient information such as names, addresses, Social Security and medical information. Medical data likely falls under the Health Insurance Portability and Accountability Act. Click here to read more about HIPAA compliance. When a computer is being replaced or has reached the end of its useful life, be sure to shred the hard drive. Merely erasing it allows your data to still be accessed. Read here about how to shred your hard drives and other media on-site.
- Secure Your Information
It is important to secure your browser. Some websites can be trusted, but others can contain malicious code. To protect your business, keep up with the latest version of your browser. Secure your operating system too. Look into newer operating systems that are much more difficult to hack into. Secure your router, which connects your computer to the Internet. It is important that you have a strong password on your router and a WPA2 password on your Wi-Fi to further protect you from a breach. Passwords should include lower and upper case letters, numbers and symbols to maximize security.
- Be Prepared In the Event of a Breach
It’s really a matter of when, not if, you will encounter a breach in your business. Therefore it is important to be prepared to minimize its financial, legal, and reputational effects on your business. Determine what you will communicate to your employees, the media, regulatory agencies and your customers. It is a smart practice to hire an outside firm to help you handle and minimize the effects of the breach. Make sure you are aware of Florida’s new data privacy law. You can read more about it and other relevant laws here.
Dawn Connelly, Esq., Owner, All Points Mobile Shredding, a NAID AAA Certified Company. Click here to learn more about how I can help you stay compliant.