The Identity Theft Resource Center (ITRC) has put together a guide for protecting against identity theft for small and mid-sized businesses (SMBs).
Given that the collection of personally identifiable information is often a requirement for businesses, it’s important to take steps to protect that information – and yourself – against possible data breaches. The guide recommends a 6 point approach to data and data security:
- Assess what data you need, what data is required, and what data may be beneficial but ultimately unnecessary.
- Identify, create and control the flow of data from the point of collection throughout the entire business operation.
- Determine who within the business needs access to the data to do their job.
- Secure the data (digitally and physically).
- Implement the use of proper data disposal procedures.
- Plan for what happens when something goes wrong or fails, and a data exposure occurs
Many of these steps may seem obvious, but it’s important to regularly look at these points to ensure that you are always on top of changes and are keeping your data policies in line. It’s easy for SMBs to get bogged down with the management of the day-to-day running of the business and forget to lay down these important policies.