Protecting Your Business

Protecting your business and your customers is an important task. Continue reading for generally accepted practices that may help. We recommend seeking advice from technology and legal professionals.

Your Employees

  • Conduct background checks before hiring new employees.
  • Restrict access to consumer data to only employees who need it.
  • Know who has access to sensitive information and how they collect, store, and use the information.
  • Train employees on an ongoing basis to recognize and protect sensitive information and to recognize potential threats and risks.
  • Reward employees who alert you to vulnerabilities. 


The Workplace

  • Store your laptop(s) in a secure location.
  • Handle documents with care.
  • Shred documents instead of throwing them away.
  • Secure your mail at all times.
  • Don’t include sensitive information in voicemails. 


Technology and Computers

  • Don’t open unsolicited emails, pop-ups or attachments.
  • Keep all your software current, including antivirus software.
  • Keep your firewall current.
  • Back up important files.
  • Use a virtual private network (VPN) when connecting over a wireless network to help protect against hackers.
  • Use strong passwords by following these recommendations:
    • Use a boot password to prevent access when you are away.
    • Change default passwords that were assigned or given to you.
    • Use upper and lower case letters, numbers, and symbols.
    • Try abbreviating a phrase that is memorable to you.
    • Make passwords at least eight characters long.
    • Change passwords at least every 90 days.
    • Don’t share passwords.
  • Create an action plan in case something goes wrong.
  • Use encryption when possible to protect sensitive information.
  • Utilize products designed to protect you.



  • Create a privacy policy statement that is easy to read and understand, and post it on your website or make it readily available.
  • Explain to your customers how you will communicate with them; for instance, most companies will never send emails requesting personal information from their customers.
  • Tell customers how to verify if a request for personal information is genuine.
  • Provide an email address and/or phone number where customers can send and/or report fraud attempts, such as spam.