PRIVACY, SECURITY & ID THEFT PREVENTION - TIPS FOR THE VIGILANT BUSINESS - SMALL BUSINESS & ECONOMIC DEVELOPMENT FORUM October 21, 2014 -WITH THANKS TO.


1 PRIVACY, SECURITY & ID THEFT PREVENTION - TIPS FOR THE VIGILANT BUSINESS - SMALL BUSINESS & ECONOMIC DEVELOPMENT FORUM October 21, 2014 -WITH THANKS TO THE W. KY. BBB-

2 CONSIDER A FIVE STEP PLAN
1. Take stock
2. Scale down
3. Lock it
4. Pitch it
5. Plan ahead

3 1. TAKE STOCK Know what personal information you have in your files and on your computers.

4 TAKING STOCK
Inventory all computers, laptops, flash drives, disks, home computers, and other equipment to find out where your company stores sensitive data. Also inventory the information you have by type and location.

5 TAKING STOCK
- Who sends sensitive personal information to your business?
- How does your business receive personal information?
- What kind of information do you collect?
- Where do you keep the information you collect? Is it in a central computer database?

6 2. SCALE DOWN Scale down. Keep only what you need for your business.

7 SCALE DOWN
If you don’t have a legitimate business need for sensitive personally identifying information: Don’t keep it. Don’t even collect it.
If you have a legitimate business need for the information: Keep it only as long as necessary.

8 SCALE DOWN
If you must keep information for business reasons or to comply with the law, develop a written records retention policy to identify:
– What information must be kept
– How to secure it
– How long to keep it
– How to dispose of it securely when you no longer require it

9 3. LOCK IT Protect the information that you keep.

10 SECURITY CHECK
If you encrypt your customers’ financial data on your website, DO NOT then decrypt it and email it over the Internet to a branch office in regular text. Regular email is NOT a secure method for sending sensitive data. Encrypt any transmission that contains information to be shielded from fraudsters or ID thieves.

11 LOCK IT
Effective data security plans cover four key elements:
1. Physical security
2. Electronic security
3. Employee training
4. Security practices of 3rd parties

12 PHYSICAL SECURITY
Data compromise can still happen the old-fashioned way: lost or stolen paper documents. Often the best defense is a locked door or an alert employee.
- Store paper documents, flash drives, and backups containing personally identifiable information in a locked room/file cabinet.
- Limit access only to employees with a legitimate business need.

13 GENERAL NETWORK SECURITY
You may not even have IT staff, but your responsibility remains.
- Assess potential vulnerabilities of your system/database and follow advice of legitimate experts.
- Identify all connections to computers/servers maintaining sensitive/personal information (e.g., Internet, computers at branch offices & wireless devices/smartphones/tablets).
- Limit the number of users and wireless devices that can access your network.
- Cost-effective options for enhanced protection: Firewalls; Filters; Anti-Virus software; Anti-Spyware; Junk Blockers

14 LAPTOP SECURITY
- Restrict use of laptops to staff requiring them to perform their jobs.
- Assess whether sensitive information needs to be stored on a laptop. If not, delete it with a “wiping” program that overwrites data on the laptop.
- Beware of the risks of WiFi.

15 EMPLOYEE TRAINING
RISKS ARE ALL AROUND US: Malware – Scareware – Phishing – Social Networking – Viruses – Keystroke Counters [Don’t invite them in]
A data security plan may cover all bases on paper, but it’s only as strong as the employees who implement it. Continual employee training re: newly arising risks and vulnerabilities is key. Create a “culture of security”.

16 PASSWORD MANAGEMENT
Control access to sensitive information:
- Employ complex passwords through mixing letters, numbers, and characters.
- Require an employee’s user name and password to be different and mandate regular password updates.
- Passwords should NOT be shared.

17 CONTRACTORS & THIRD PARTIES
Your business’ security practices are affected by all those who implement them, including contractors and service providers. Before outsourcing any of your business functions, investigate the vendor’s data security practices and compare their standards to your own.

18 4. PITCH IT
Properly dispose of what you no longer need.

19 WHAT IS “PROPER” DISPOSAL?
Reasonable and appropriate practices to prevent the unauthorized access to – or use of – personally identifiable information.
“Reasonable” = based on data sensitivity, costs and benefits of disposal options & technology changes.
- Shred/pulverize sensitive papers so they cannot be read or reconstructed.
- Destroy/erase sensitive electronic files/media so they cannot be read or reconstructed.
- Old computers/portable storage devices: consider wipe utility programs, designed to overwrite the hard drive to prevent files from being recovered.

20 5. PLAN AHEAD Create a plan for responding to security incidents.

21 PLAN AHEAD
- Investigate security incidents immediately and take steps to close off existing vulnerabilities or threats to personal information.
- Promptly assess the degree of compromise.
- Consider whom to immediately notify in the event of an incident, both inside and outside your organization, e.g., customers, law enforcement, and other businesses that may be affected by the breach.
- State and federal regulatory agencies have laws and guidelines addressing data breaches and requirements with which you must comply.

22 PLAN AHEAD
- No one-size-fits-all approach to data security: what’s right for you depends on the nature of your business and the type of information you collect.
- Some of the most effective basic security measures (personnel training, complex passwords, securing sensitive paperwork, etc.) are of negligible cost.
- Free or low-cost security tools are available at non-profit websites dedicated to data security.
REMEMBER: It’s more cost-effective in the long run to invest in better data security than to lose the goodwill of customers, defend yourself in legal actions, and face other consequences of a data breach.

23 THANK YOU!
