Hot Tips

Data Security Basics

It's a disturbing fact that within the last five years alone, over a half a billion sensitive data records, the majority of which included Social Security numbers and credit card information, were breached in this country, and nearly a quarter of those breaches occurred in small businesses. The final kick in the groin is that approximately three quarters of those small businesses went bankrupt either directly or indirectly due to the experience.

Corral all those loose USB storage devices that you listed on paper that are currently floating around in purses, pockets, and laptop cases. Find out what's on them, who uses them, and what their physical proximity is at any given time. Inventory them, decide how you want your employees to treat them (do they go home at night, get locked in the safe, or what?).  Encrypt them. Upgrade everyone's computer security software to the best you can afford. Increase password complexity and discourage employees from writing them down. Limit or forbid Internet use on certain extra-sensitive computers. Limit or forbid the “take-home” computers and the information on them. Insist that “take-homes” be transported in a locked trunk and that any sensitive information in them is encrypted. Forbid all employees from receiving or transmitting company info over public Wi-Fi hot spots. Shred sensitive printed documents destined for disposal ASAP, and be sure to use a diamond cross-cut shredder.

Completely destroy—not just “erase”—all decommissioned computer hard drives. Never sell or discard a PC/laptop that was used for agency work even if it was their own personal property—make it part of your pre–employment agreement. Give that old computer a taste of Office Space stress–relief in an open field with a baseball bat to make sure sensitive information permanently stored on the hard drive is completely obliterated and can therefore never fall into the wrong hands. If that seems too unprofessional and/or politically incorrect, turn the thing over to a trusted—emphasis on trusted—computer expert to dispose of it humanely. Hire Somebody. Consider outsourcing or hiring a consultant, such as a Private Detective Agency. It's likely that a qualified security service can provide better security than you can. Plus, it allows you and your staff to concentrate on your business rather than locksmithing, alarm systems, and the complicated details of modern data storage. But can you afford it? Can you afford not to? 

My advice in all things is to do what you can when you can, and don't sweat the rest. And remember, it's much more expensive for you and your business to repair a data breach after it's occurred than it is to prevent one from ever happening in the first place. Lao Tzu said,“All difficult things have their origin in that which is easy, and great things in that which is small.” Apply that thought to your businesses data security.