Businesses should be concerned about their digital and physical security. There are often high profile media reports in the news about companies that experience data breaches. Additionally, hundreds of thousands of virus programs are released every year. Therefore, every new business must protect their data.
According to the Fidus, training employees in security principles should be a top priority for businesses. There are systematic ways to accomplish this, such as setting mandatory password changes every quarter and requiring employees to always log-off their computer. However, employees must also understand the importance of physical security, such as keeping doors locked, reporting missing keys and maintaining client confidentiality. In fact, they should be familiar with social engineering, which refer to the techniques used by hackers and criminals to surreptitiously elicit sensitive information from their targets.
Face-to-face social engineering tactics involve asking seemingly innocent questions or watching every time an employee enters their log-in information to slowly learn their password. On the other hand, there are many social engineering tactics that employees will be exposed to through their email or the Internet. For example, phishing emails appear to be legitimate, but they actually are designed to trick the user into sharing private or sensitive information, such as a social security or bank card numbers. Employees should be trained to follow communication protocols in order to avoid information breaches.
Confidential Document Destruction
Confidential document shredding is an important way to prevent the loss of sensitive customer and business information. Certain documentation is required to be destroyed per state and federal regulations. For example, HIPAA legislation requires medical records to be destroyed. Failure to abide by these regulations could result in hefty penalties. Small companies can take care of the records destruction by themselves, but will need an industrial shredder and available staff and resources. Ideally, a shredding service like Vital Records Control will manage the records destruction. This guarantees that documents will be destroyed and properly recycled.
Have a Mobile Phone Policy
Many companies have Internet policies that explain how equipment and the Internet should and should not be used. For example, many companies prohibit employees from accessing social media sites or downloading files for personal use. However, more and more employees are using their own smart phone to perform their work duties, such as messaging team members about work issues. Since the security technology for mobile phones is still new, employees should be instructed to avoid using their personal, unsecured phones for business use.
Overall, companies should protect their data and ensure their compliance with state and federal laws through maintaining proper digital and physical security protocols.