Technology is changing every day, which is why it is important to be vigilant
about your organization’s data security.
Allan Tarleton, senior partner and attorney at Van Winkle, says data breaches are inevitable
for many businesses and nonprofits despite their best efforts. One key
is to have a clear, written data security policy to minimize the chances
of getting hacked and to communicate what to do if the organization’s data is compromised.
Tarleton recommends the following steps to protect the sensitive information
of your customers and employees.
Step one: Assess your data inventory
The first thing he recommends is to inventory what kind of data you have,
including customer, client and employee data. Consider whether you have highly
sensitive information—such as Social Security numbers, financial
information or medical records—on file.
Step two: Determine how the information is being stored
Now that you know what type of information you have, determine how it is
being stored. Does it live in hard copy files, on a web-based network
that can be accessed via an employee’s smartphone or in software
that is only accessible through a desktop computer at the office?
Step three: Develop or review your written data security policy
Next, you will need a written data security policy. If you don’t
have one, now is a good time to talk with your attorney.
Be sure to train your employees on the policy and how to protect the company’s
records. Additionally, you should have a system in place to regularly
communicate the policy to employees and improve security practices.
Step four: Review how you are protecting sensitive data
Ask yourself these questions:
- How are you retaining or destroying sensitive employee or client information?
- Do you have a policy in place and are you following it?
- Are you doing all you can do to protect your customers, clients and employees?
Step five: Evaluate your physical security
“It’s not just digital information that’s at risk—it’s
paper files, computer screens that can be seen through a window, thumb
drives, laptops and smartphones,” he says.
Mobile information, in particular, is often accessible to employees at
all times. If an employee’s smartphone is stolen, for example, is
your company’s private information secure? It’s important
to make sure that the vulnerabilities that exist in those mobile devices
Worth the investment
Investing your time and resources into a data security plan is worth the effort.
“It’s important to have a culture within the business of security
and safety,” says Tarleton. “At the end of the day, are you
helping your clients and customers? Because it’s their information
and their trust that’s really important to any business.”