Do you know what private information your company has?

The first step in securing your customers’ and employees’ private information is knowing what you collect and who has access to it. You need to list all the data you collect – account numbers, credit card numbers, email addresses, bank account information, birth dates, Social Security Numbers and other sensitive information. Inventory all computers, notebooks, flash drives, disks, backup tapes, home computers, smart phones, digital copiers and printers, digital fax machines, desk drawers and tops, filing cabinets, briefcases, home offices and other equipment.

Then you need to trace how the information flows through your organization. Start with how information is collected and follow each item to final storage. Who sends it to you, and how? Where is it kept, and for how long, at each point in the process? Who touches and sees it? Does an application stay in an in-box on a desk?

Determine which employees need access to each piece of information. Then create policies and procedures to limit access to only the authorized employees. Look for points in the information flow where unauthorized people might be able to see it – employees, customers, the cleaning crew and third-party outsourced companies.

Once you know what you have and who has access to it, you should also consult with your attorney. Are there any laws you need to be compliant with for your industry?

You cannot secure what you don’t know you have.


About Bruce Demarest

Bruce Demarest is an Identity Theft Protection Specialist. He has designed and taught classes to educate individuals and businesses in identity theft risk management. The individuals have learned how to continuously monitor their financial identities for credit fraud, plus how to monitor their personal identifying information for unauthorized use. His business clients have become compliant with the federal & state privacy laws. He has conducted information security audits to identify their potential problems and has designed security policies, programs, and practices to address those problem areas.
