Welcome to BBB Vancouver Island's blog. Content for this blog is provided by Rosalind Scott, Executive Director of BBB Vancouver Island.

   
 

Securing Sensitive Data

Posted Tuesday, August 23, 2011
by Rosalind Scott

Getting Started
First, determine what makes sense for your type of business. This will be based on the type of data that you collect and store, and the kind of resources you have managing that data.

If your small business keeps information about customers in several formats (e.g., on paper, on computers, and online), you should sit down with a team of your employees — an IT person, office manager, etc. — and discuss these issues together to make sure you consider all viewpoints.

1) Inventory the TYPES of data you collect, store and/or transmit.

2) Inventory HOW you store your data.

3) Inventory WHERE you store your data for each type and format of customer information.

4) Inventory HOW DATA IS MOVED and WHO HAS ACCESS to it. Take into consideration your type of business and the stationary and portable tools your employees use to do their jobs. This is a very important part of the inventory process, as it will help you begin to identify the potential ways that sensitive data could be inadvertently disclosed. If you think you need outside help to identify potential leak points, consider consulting with a data forensics team or the bank or processor that provides your merchant account services.

5) Inventory the DATA CONTROLS YOU HAVE IN PLACE... or not.

6) Evaluate COSTS vs BENEFITS of different security methods. Brainstorm different types of security procedures and think about whether they make sense for the type of information you maintain, the format in which it is maintained, the likelihood that someone might try to obtain the information, and the harm that would result if the information was improperly obtained.

7) Write it Down. Type up the checklists you’ve just created, the security measures you are taking, and an explanation of why these security measures make sense.



Congratulations — you've just created the foundation of your written security policy! Now be sure to provide this information to all your employees and customers so they know and understand your policies.

For more tips on protecting your business and customers from fraud, visit vi.bbb.org.
