Spring Clean Your Risk of Identity Theft

1)      Appoint a security compliance officer.

2)      Put limits on data collection, If you don’t need it, don’t collect it. Do not create a risk to sensitive information by storing it when you no longer need it. DELETE IT

3)      Do not display SS# as identification or reference number of any kind.

4)      Clean off desks. Keep files not in use in secure/locked file cabinets.

5)      Restrict access to staff on a “need to know” basis. Rank data by level of sensitivity and assign access rights accordingly.

6)      Carefully screen/background checks on all employees who have access. Thieves can pose as an employee when all they are doing is infiltrating your business only to gain access to sensitive information (this includes temps).

7)      Visitors should not be allowed to roam the workplace unattended, and should not be using cell phones (only in lobby area).  It’s too easy to click a picture of sensitive data.

8)      Prevent terminated employees from accessing sensitive information by immediately deactivating their passwords and usernames.

9)      Lock up purses, wallets or carry bags while at work.

10)   Establish security procedures for non-employees (applicants, vendors, visitors).

11)   Safeguard mobile devices, especially when not on location. (Laptops, blueberries, PDA’s and cell phones.)  Put all laptops, PDA’s, Blackberries to password protection function.

12)   Set computer systems to automatic update feature.

13)   Clean emails of sensitive information before deleting email. Deleted email stays on the hard drive.

14)   Do not forward emails with personal sensitive information.

15)   Use password activated screensavers for employee computers/work stations after a period of inactivity.

16)   Do not just throw away old computers, hard drives. Destroy or erase data when disposing of computers, disks, CD’s magnetic tapes, hard drives laptops, PDA’s, cell phones or any other electronic devices.

17)   Implement encryption software – standalone encryption packages that work with individual applications are available for sale.

18)   SHRED, SHRED AND SHRED anything with sensitive/non-public information.

19)   Work together as a group to constantly improve your policy and procedures to reduce the risks.

Your company’s information chain is only as strong as its weakest link

Written by: Faye Whobrey, Independent Associate