
Small Business Guide to Information Security

http://www.choosewhat.com/ (ChooseWhat.com) brings small business owners and entrepreneurs a Step-By-Step Guide to Keeping Your Sensitive Information Secure. Embed this on your own blog, share it with your social network or let us know if we can help!

Published in: Business, Technology

Small Business Guide to Information Security

  1. Small Business Guide to 4 Simple Steps To Protecting You & Your Customers: Evaluate, Remove, Prevent, Dispose
  2. Step 1: Evaluate Your Company’s Assets & Identify Sensitive Information
     • Develop a list of physical and digital assets located within each room of your company
       *Don’t forget storage, equipment, software & networks for each room
     • Treat each digital device as an “office room”
     • Take inventory of all personal and sensitive information stored or transmitted through these devices.
     • Answer the following questions for each piece of office equipment:
  3. Step 1: Evaluate. Information Security Questionnaire – Digital Asset Evaluation
  4. Step 2: Remove All identified security threats & unsecure practices
     • Review your physical & digital asset log to identify sensitive data you do NOT need
     • Only request sensitive data on the LAST step of transactions
       *Financial data should only be requested for processing payment or tax documents.
     • NEVER include the expiration date or more than 5 digits on a sales receipt
     • All online transactions or sharing of sensitive data should be done on a Secure Sockets Layer (SSL)
       *See final slide of Small Business Guide for secure payroll and ecommerce software
  5. Step 3: Prevent Future Security Breaches by Addressing Digital Security
     • Take inventory of new IT equipment that collects sensitive data
       *Log each VIN # and check it periodically to ensure it has not been switched
     • Identify all connections to computers, servers & IT equipment that may contain sensitive data
       *iPhones, Dropbox accounts, online fax storage, digital copiers, etc.
     • Do NOT email sensitive data; use an online fax service
       *Faxing is the most secure way to transfer sensitive information, although fax machines are built with an internal hard drive that is often hacked when a company disposes of it.
     • Use a Password Management Service
     • Don’t store sensitive data on electronic devices that are easily stolen or lost
       *If needed, use an online backup service with an encryption & auto-destroy function
  6. Step 3: Prevent Future Security Breaches by Addressing Physical Security
     • Define employee guidelines, responsibilities & restrictions upon new employee hire & in company handbook.
     • Make sure your employees log off their computers and lock all cabinet doors prior to leaving each day.
       *iPhones, Dropbox accounts, online fax storage, digital copiers, etc.
     • Do NOT email sensitive data; use an online fax service.
       *Faxing is the most secure way to transfer sensitive information, although fax machines are built with an internal hard drive that is often hacked when a company disposes of it.
     • Lock all file cabinets with sensitive information & start a “sign in/out” system each time they are accessed.
       *This should be true of off-site storage facilities as well.
  7. Step 4: Dispose Of any and ALL sensitive information
     • Make shredders available throughout the office, especially around mail areas, copy or fax machines
       *Do not create a “To Be Shredded” box, this will only increase your risk
     • Erase electronic devices COMPLETELY before removal.
       *There are software options available to clean all electronics periodically or wipe completely
     • Mail centers and fax machines should be placed in private area, AWAY from foot traffic
       *According to a GFI study, 49% of employees claimed to have seen a paper fax that was not intended for them
  8. Security Software Recommendations
     Secure Online Shopping & Payroll
     • Intuit GoPayment
     • Intuit Online Payroll
     Password Management
     • LastPass
     • Dashlane
     Secure Online Backup
     • iDrive
     • Carbonite Online Backup
     External Hard Drive with “Auto Destroy” Feature
     • Apricorn Aegis Padlock 1 TB USB 3.0 256-bit AES XTS Hardware Encrypted Portable External Hard Drive
     • Apricorn Aegis Padlock 500 GB USB 2.0 256-bit Encrypted Portable External Hard Drive
     • Apricorn Aegis Secure Key FIPS Validated 16 GB USB 2.0 256-bit AES-CBC Encrypted Flash Drive
     Security Software for Portable Electronics
     • LoJack for Laptops
     Secure Online Fax Plans
     • MetroFax Essential
     • Nextiva Single User
     • eFax – eFax Plus
  9. Sources
     ChooseWhat.com would like to thank the following websites for their help in developing this information security guide.
     • http://business.ftc.gov/documents/bus75-medical-identity-theft-faq-health-care-health-plan
     • business.ftc.gov/privacy-and-security
     • David of FindAFax.com
     • www.OnGuardOnline.gov
     • Electronic Code of Federal Regulations
     • http://business.ftc.gov/documents/bus69-protecting-personal-information-guide-business
     • http://www.sba.gov/category/navigation-structure/starting-managing-business/managing-business/business-guides-industry
     • http://business.ftc.gov/privacy-and-security/data-security
     A detailed version of this guide is available here: http://www.choosewhat.com/starticles/small-business-security-essentials
  10. Sharing is Caring!! Brought to you by:
