If you own a business, you may have personally identifiable data on customers that always needs to be kept safe and confidential. Failure to do so could result in a lawsuit, and not complying with confidentiality agreements is a breach of the law. If you keep any sensitive information on your systems, read on to find out how your business should be protecting it.
Track Your Personal Data
If you don’t believe you are in full control of your data, now is the time to act. Make an inventory of every place personal data is stored and label it by location and type. If personal data reaches you only through online channels, this will be easier. Keeping all your personal data in one place will limit the risk of a data breach, whether by an employee or a hacker. Try to limit the number of employees who can access personal data, and try to streamline your process so that personal data comes in through one avenue only, such as an online form completed via your website.
If you don’t have a reason for personal data to be stored, it should no longer be there. Never use social security numbers for anything other than tax reasons. The more data you have, the more protection is needed. Delete customer credit/debit card information unless it is required often and you have the customer’s permission to keep these details on file. If you aren’t aware of GDPR and you deal with EU customers, now is the time to get acquainted with it to ensure you are complying with data protection laws.
Keeping it Safe
Once you understand where your personal data is coming from and who has access, you can work to keep it safe. If you still use paper copies, these should be locked away in a filing cabinet in a locked office. Any personal data that is stored electronically should be encrypted and accessed with a password, which should be changed every month and must always be changed if an employee decides to leave your company. Use anti-malware software and a secure cloud backup service. Be sure you can track who is accessing personal data; this way, you can see if anyone is accessing information unnecessarily.
Planning for a Breach
Every smart business has a plan in place for a personal data breach. If you believe a computer to be compromised, it should immediately be disconnected from the network. Even with a solid plan and plenty of protection, data breaches can occur. If you have personal data or health information on your system, consider getting cyber insurance. The Hartford provides cyber insurance to protect businesses in the case of a cyber or data breach incident and can help you to notify customers and aid you through the trial process if a customer decides to sue your company.
Do all you can to ensure any personal data is safe and remove any data that is no longer needed by your company. Keep on top of this, and you will be at less risk of a cyberattack.