In business as in life, there is information that we don’t want anyone else to have. Proprietary information, bank statements, and personnel records all have sensitive information that should be kept private. A company that makes widgets has personal information on all the employees that could ruin lives if it fell into the wrong hands. If that one widget-making company has important information, think about the banking and medical industries. Every day terabytes of information and data are collected all over the world, and that information needs protection. A commonsense strategy for securing sensitive information is a good place to start, to protect data.
Understand What You Have
Review all the documents that you have and get an idea of what you have. Note if you have files on employees, patents, processes, or equipment. Decide what is important enough to keep and what is just a security risk and taking up space. Then identify who has access to the information and why they need it. Identify who has laptops and sends sensitive information about your company out into the world. Different information carries with it varying degrees of risk.
Reduce the Amount of Information on Hand
Keeping boxes and filing cabinets full of paper files is a risk that can be mitigated quickly. In the information age, most paper can be eliminated and converted into a digital format. Once that paper is gone, the information is stored on a secure server within your company. In-house servers are more secure because only people within the company have access to it, unlike cloud-based services that are offsite. Find a
reputable scanning company to convert your paper into digital forms.
Protect the Information
Whatever format your sensitive information is in, it must be physically protected. If you have papers, floppy disks, or tapes, limit access to them. Only let employees who have specific needs view those materials. Digital information needs network security and firewalls to protect it. Don’t store any important information on a computer with internet access and encrypt all sensitive information as another layer of protection.
Destroy What You Don’t Need
If you don’t need it, destroy it. After you convert papers and other real data into digital data, destroy all copies. Most scanning companies will destroy and dispose of all documents that they convert for you, and they will provide a certificate of destruction. Any papers and receipts that float around the office should be shredded before they are sent out to the dumpster. Full documents are a goldmine for identity thieves.
Have a Response Plan in Place
Taking all the above steps will help keep everything safe and secure. Don’t get caught off-guard, though, and have a contingency plan in place if the worst happens. Designate a senior member of staff to coordinate efforts in the event of a security breach. Investigate all security incidents immediately and take steps to close existing vulnerabilities.
