Protecting your business and your customers is an important task. Continue reading for generally accepted practices that may help. We recommend seeking advice from technology and legal professionals.
- Conduct background checks before hiring new employees.
- Restrict access to consumer data to only employees who need it.
- Know who has access to sensitive information and how they collect, store, and use the information.
- Train employees to recognize and protect sensitive information as well as potential threats and risks on an ongoing basis.
- Reward employees who alert you to vulnerabilities.
- Store your laptop(s) in a secure location.
- Handle documents with care.
- Shred instead of throwing away.
- Secure your mail at all times.
- Don’t include sensitive information in voicemails.
Technology and Computers
- Don’t open unsolicited emails, pop-ups or attachments.
- Keep all your software current, including antivirus software.
- Keep your firewall current.
- Back up important files.
- Use a virtual private network (VPN) over a wireless network to prevent hackers.
- Use strong passwords by following these recommendations: Use a boot password to prevent access when you are away.
- Change default passwords that were assigned or given to you.
- Use upper and lower case letters, numbers, and symbols.
- Try abbreviating a phrase that is memorable to you.
- Make passwords at least eight characters long.
- Change passwords at least every 90 days.
- Don’t share passwords.
- Create an action plan in case something goes wrong.
- Use encryption when possible to protect sensitive information.
- Utilize products designed to protect you.
- Explain to your customers how you will communicate with them; for instance, most companies will never send emails requesting personal information from their customers.
- Tell customers how to verify if a request for personal information is genuine.
- Provide an email address and/or phone number where customers can send and/or report fraud attempts, such as spam.