Tuesday, April 8, 2008

Data Security & your Business success

Take Stock: Conducting a Data Security Audit in Your Office

by Lesley Fair

It may mean one thing on TV, but to savvy business executives, “CSI” should stand for Carefully Secure Information. Every company has an obligation to its customers, affiliates, and employees to safeguard sensitive data. As outlined in the Federal Trade Commission’s new handbook, Protecting Personal Information: A Guide for Business, one step of the process is to “Take Stock” — conduct a CSI-style “forensic audit” of your information practices.

Effective data security starts with assessing what information you have and identifying who has access to it. Understanding how personal information moves into, through, and out of your business and who has — or could have — access to it is essential to assessing security vulnerabilities. Whether you’re an industry giant or a lean-and-mean one-person shop, here are some tips on conducting your own “CSI” investigation:

1. Secure the scene. Inventory all file cabinets, computers, flash drives, disks, and other equipment to find out where your company stores sensitive data. Don’t forget about laptops, employees’ home offices, cell phones, and email attachments. No security audit is complete until you check everywhere sensitive data might be stored.
2. Look for footprints. Track personal information through your business by talking with your technology staff, human resources office, accounting personnel, and outside service providers. Get a complete picture of who sends your company sensitive data. Do you get it from customers? Call centers? Credit card companies? Banks or other financial institutions? Affiliates and contractors?
3. Check the doors. How does sensitive data come in to your company? From your website? Via email? Through the mailroom? What kind of information is collected at each entry point? Customers’ credit card, debit, or checking account numbers? Sensitive health or financial data?
4. Dust for fingerprints. Who has — or could have — access to the information? Which of your employees has permission to look at sensitive data? Could anyone else get a hold of it? What about vendors who supply and update software you use to process credit card transactions? Contractors running your call center, distribution, or fulfillment operations?
5. Protect key evidence. Different types of data present varying risks. Pay particular attention to how you keep personally identifying information like Social Security numbers; credit card, debit, checking account, or financial information; and other sensitive data that could facilitate fraud or identity theft if it fell into the wrong hands.

Get your copy of Protecting Personal Information: A Guide for Business at www.ftc.gov/infosecurity.

Lesley Fair is an attorney in the FTC’s Bureau of Consumer Protection who specializes in business compliance.
