News headlines have detailed how thieves breached retail POS systems and government computer databases. Given these recent threats, here are some best practices for keeping your workplace information safe.
Be mindful of public information requests
Workplace emails are not private and are subject to a Freedom of Information Act (FOIA) request from anyone seeking information from a government entity. Similar to the FOIA law, North Carolina’s Public Records Law guarantees the public access to records of governmental bodies.
Records include all documents, no matter the physical form. In fact, email traffic shared through local government systems are “FOIA-able” for several years after they’ve been sent and received. If you as the sender would be embarrassed saying something out loud, don’t put it in an email.
Encrypt personal information when sharing
Use encryption software when sending out identifiable information (e.g. Social Security numbers, drivers’ license numbers, etc.) Better yet, implement and use an office policy of data minimization. You collect only the information you actually need.
Once you’ve collected the data, reduce the number of places where it’s stored. Also limit and track the number of employees who have access to such sensitive information. Once you no longer have a use for the data, purge it responsibly.
Use security software/maintain updates
Stay up-to-date with security updates and/or patches. Otherwise you could leave an opening for a criminal to exploit. Admittedly, applying patches takes time and resources. Your IT department will often make system-wide updates during non-business hours to minimize impact to daily activities.
Back up your data
Data back up is an age old standard. But experts say to minimize the threat of an attack, back up data frequently using a secure external device or server not connected to the network.
Do not open unfamiliar emails
Be careful when opening email messages. If you suspect the email is not legitimate, then don’t click on it. If you don’t read the senders email address carefully, the message could be a virus masquerading as a message from a known associate.
Set clear guidelines
Establish a remote access policy of who can log in to the network when off-site. Another good policy to implement is on- and off-site data storage practices. Determine how often office data will be copied to the back up server or cloud account.
Minimizing the risk of a data breach involves creating and establishing best practices and procedures for employee use. Threats to personal data, not only impacts business continuity, but adds significant unforeseen costs and major headaches to any budget.
Article provided by Local Government Federal Credit Union.