Regardless of the size of your business, it’s critical that you work proactively to protect the sensitive and private information of your customers, clients and employees. While you might hear more often about data breaches at bigger companies, the reality is that smaller companies and organizations are often targeted and typically have limited data security protections in place.
Your approach to protecting your company from a data breach must be comprehensive. First, be sure to restrict access to sensitive, confidential information to only those employees whose jobs require that access. Vendors, many of whom have access to sensitive information, must be screened to ensure that they have security measures in place to protect the data and that they are using your company’s data only to provide the specific services for which you have engaged them.
All employees must be trained on your data security policies so that they are clear on what types of information are considered private, what procedures to use to store or dispose of sensitive information, how to report suspicious emails and what the rules are for careful creation and usage of passwords.
If you allow employees to use their personal mobile devices for business purposes, consider restricting how those devices are used to access your company’s data. There is software that can be used to separate personal data from business data on the device. It can also be used to scrub a device if it is misplaced or stolen. Other protections you should put in place include firewalls to protect your networks, secure Wi-Fi access and encryption of sensitive data.
We recommend that clients discuss and set forth clear guidelines regarding protection of confidential information in vendor agreements, contracts with employees and independent contractors, and employee manuals.