Recently Elizabeth Chisman Moon of Focus Data Solutions and I did a seminar on this topic for the Alexandria SBDC. Here are some basic ideas on managing your risks of security breaches.
Start by developing policies or practices that address the most important security needs of your business. These might include:
use of company equipment and software,
use of personal devices for work,
basic security procedures (physical and systems),
what you consider ‘company confidential’ or sensitive information.
Defining what you consider sensitive information is critical. This ensures you know what information deserves extra care in handling and storing so you can protect it. The policy also tells your employees what information you expect them to keep restricted and ensure others do not see. Common types of sensitive or ‘company confidential’ information include:
all data relating to services, applications, procedures, and/or products sold by the organization, excluding marketing literature designed for external use
research and/or development materials
information about clients or customers, excluding that within sales or marketing literature produced for external use
contractual arrangements between the organization and its clients or suppliers or vendors
purchasing, pricing, sales, or financial data
personnel data on any employee or ex-employee
information provided by other organizations under confidentiality agreements.
Development of basic policies can be done using samples from your professional/trade organizations or your network. However – it is vital to ensure that each policy is designed to support your desired culture. Having such policies checked by your lawyer, appropriate consultants, or vendors is important to ensure you minimize your risks. The policies then provide a basis for orientation of new employees as well as training of all employees and regular reminders on need for each employee to protect the organizations’ assets.
Remember that policies that are difficult or complicated lead to […]