Prevent a data breach at your business.
This is critical. Businesses of all sizes have experienced devastating security lapses.
Equifax, Marriott, and Target are just a few of the well-known companies.
20 Ways to Prevent a Data Breach at Your Business
1. Use best practices for passwords
2. Use anti-virus software and encryption and keep it up to date
3. Secure mobile devices employees use for work
4. Change the name of your router (SSID) from the default
5. Change the router’s default password
6. Keep router software up to date ( you can register it with the manufacturer and receive update notifications)
7. Disable router remote management features
8. After setting up a new router, log out as administrator
9. Make frequent backups
10. Protect your Wi-Fi network with WPA2
11. Restrict employees from using insecure Wi-Fi hotspots
12. Only use encrypted websites for business information (look for https)
13. Enable two-factor authentication
Protect Your Payroll and Wire Transfers
14. Prevent employees from requesting EFT changes in an email or text
15. Regulate how wire transfers are initiated and approved
Prevent Email Hacks
16. Instruct employees how to verify if an email is legitimate
17. Instruct employees not to open suspicious emails or click unknown links
18. Restrict who has access to sensitive data
19. Use security cameras and monitor feeds frequently
20. Get rid of information you don’t need anymore and dispose of it properly
Pay Attention to FLSA Recordkeeping Laws
Before you do a mass purge of sensitive documents, make sure you remain compliant. HR software has compliance tools that can help.
If You Suspect a Data Breach, Act Fast
Your data protection policy should outline what to do if you discover or suspect you’ve been hacked. The most important thing is to act ASAP.
Do a Data Audit
Take inventory of the sensitive information in your organization. Audit every department. The data will be on paper and in electronic form. Don’t forget connected devices.
Go through file cabinets. Have employees check their drawers, files, thumb drives, and any devices they have at home. Don’t forget external hard drives.
Examine your office copiers. Learn how to erase data collected by the copiers and scanners. Creative thieves have extracted sensitive data from used office copiers.
Talk to businesses you work with. Determine how you share information in the course of doing business. Find out what their security protocols are. Tighten policies if necessary.
Document where sensitive information is located and in what forms. Determine who has access to the information.
Don’t Keep Information You Don’t Need
When you’ve finished your audit, determine what you must keep and for how long. Get rid of everything you can.
Be a Better Shredder
Cross shredders are better than strip shredders. Though it’s tedious, thieves have re-assembled cross-shredded documents. Pulverizing paper is even better. It turns it into pulp.
What Information is Sensitive?
The following items can be used to commit identity theft. Your company probably stores information in many forms: paper documents, photocopies, and digital records.
- Date of birth
- Social security number
- Birth certificate
- Death certificate
- Passport number
- Bank and credit card account numbers
- Password/PIN/mother’s maiden name
- Driver’s license number
- Telephone number
- Biometric information (iris/palm scans, fingerprints, and other biologic identifiers)
- Medical records and related health information
Identity theft isn’t your only risk. Make sure you safeguard your intellectual property as well.
Appoint a Security Manager
Designate a person in charge of data security. Choose someone who knows the applicable laws. They should also have a thorough understanding of your business processes.
If you have a large organization, you need a security team. Include senior IT, HR, legal, and accounting personnel. If you have the resources, consider adding a white collar crimes specialist to your organization.
Your security manager is responsible for training managers and employees. They must hold managers accountable for their teams. Review policies frequently. Stay apprised of best practices by consulting a cyber security expert. Check the FTC and FBI websites regularly for additional guidance. They post new threats as they become aware of them along with recommendations for prevention.
Create Formal Security Policies
Outline exactly who has access to sensitive data. Establish protocols for using the information.
Purchase additional security software if necessary. Train employees thoroughly on both the policies and how to use the software.
Control access to software and files. You can use a biometric time clock to restrict access to server and file rooms.
Consider Cloud-Based Software
SaaS providers help keep sensitive information safe. There are many advantages to keeping business data secured in the cloud. Human Resources and outside recruiters handle extremely sensitive information. Consider using cloud-based HR software. This includes applicant tracking systems, time and attendance solutions, employee scheduling products, and general HR management.
If you already use SaaS products, request a copy of your vendors’ policies. Make sure they follow best practices for cloud security.
Share these critical data protection tips with your network.
By Liz Strikwerda