Saturday, April 18, 2009

7 Tips to Make Your Company's Information Security Plan More Manageable

If you operate a financial services business that falls under the jurisdiction of the Federal Trade Commission (FTC), you may be subject to the FTC's Safeguards Rule (the Rule). Compliance with the Rule requires you to have an information security plan that stipulates how your business protects the sensitive customer information you handle.

For many businesses, writing a compliant information security plan is relatively easy. The challenge lies in implementing the policy and avoiding the consequences of non-compliance.

There are many approaches to handling data security compliance. The following are seven simple tips to help make the task of implementing your information security plan more manageable:

1. Don't be a data hog. Business clutter not only occupies undue amounts of space; it also complicates the task of tracking and protecting information. Eliminating clutter will help you organize your efforts to protect sensitive information.

2. Collect only what you need. Be purposeful in your requests for customers' personal information. In short, if you have no business use for the information, don't collect it.

3. Dispose of sensitive information properly. The FTC's Disposal Rule requires companies to adopt disposal practices that prevent unauthorized access to or use of information in credit reports. Simply dumping paperwork containing sensitive personal information is not an option. Shred, burn, or pulverize papers to keep them from prying eyes. If you plan to donate old computers, laptops, and other data storage devices, use an appropriate wipe utility to erase them so that the data cannot be recovered by unauthorized persons.

4. Involve your employees. This falls under the heading of creating a culture of security in your company. Creating the company's information security policy is the responsibility of management. Making security a part of everyday business requires full participation by employees.

5. Limit access. This means investing in state-of-the-art security software and programs that make the systems holding sensitive data as "hacker proof" as possible. It also means restricting access to sensitive data to only those employees who need it to perform their assigned business duties. If your business stores sensitive information in drawers and filing cabinets, secure them with locks.

6. Know your contractors. These days, outsourcing is unavoidable in the course of doing business. However, each external party has potential implications for your information security plan. Before you outsource your web hosting, IT services, payroll, call center operations, or other business needs, verify the security practices of the vendors; that includes the contractor you engage to shred your company's paperwork.

7. Have a damage control plan. Given the complexities of today's business environment, your company may not always be able to prevent an information security breach. In the event of a breach, damage control becomes critical. You may be required to notify customers, law enforcement agencies, credit bureaus, and other businesses affected by the breach. Having an action plan in place will make managing a security breach far easier.

Protecting customers' personal information is a legal requirement, and information security also makes good business sense. Implementing simple, low-tech tips, such as the ones suggested in this article, will help you comply with the law. It will also help strengthen the trust between you and your customers.

Rachel Agheyisi is an economist with over 25 years of business research, writing, and corporate consulting experience. She is the Executive Director of Report Content Writer, a company that specializes in writing white papers and case studies used by IT companies for generating leads in the biotech, financial services, and health care industries.
Email me at on how I help you develop content-rich white papers and case studies.
