Information Courtesy of Federal Trade Commission
Cybersecurity begins with strong physical security.
Lapses in physical security can expose sensitive company data to identity theft, with potentially serious consequences.
An employee accidentally leaves a flash drive on a coffeehouse table. When he returns hours later to get it, the drive — with hundreds of Social Security numbers saved on it — is gone.
Another employee throws stacks of old company bank records into a trash can, where a criminal finds them after business hours.
A burglar steals files and computers from your office after entering through an unlocked window.
How to Protect Equipment & Paper Files:
When paper files or electronic devices contain sensitive information, store them in a locked cabinet or room.
Limit Physical Access
When records or devices contain sensitive data, allow access only to those who need it.
Remind employees to put paper files in locked file cabinets, log out of your network and applications, and never leave files or devices with sensitive data unattended.
Keep track of and secure any devices that collect sensitive customer information. Only keep files and data you need and know who has access to them.
How to Protect Data on Your Devices:
Require Complex Passwords
Require passwords that are long, complex and unique. And make sure that these passwords are stored securely. Consider using a password manager.
Use Multi-factor Authentication
This requires additional steps beyond logging in with a password – like a temporary code on a smartphone or a key that’s inserted into a computer.
Limit Login Attempts
Limit the number of incorrect login attempts allowed to unlock devices. This will help protect against intruders.
Encrypt any sensitive data you send outside the company, like to an accountant or shipping service.
Train Your Employees
Always shred documents with sensitive information before throwing them away.
Promote Security Practices in All Locations
Maintain security practices even if working remotely from home or on business travel.
Erase Data Correctly
Use software to erase data before donating or discarding old computers, mobile devices, digital copiers and drives. Don’t rely on “delete” alone. That doesn’t actually remove the file from the computer.
Know the Response Plan
All staff should know what to do if equipment or paper files are lost or stolen, including whom to notify and what to do next.
Aspects of implementing your physical security policies require working with a technology service partner. In addition to coming alongside your business to provide ongoing support and monitoring, your technology partner will assist with erasing data correctly, multi-factor authentication, limiting login attempts and encrypting data.