Privacy is both a business risk, and a compliance issue. Upper management needs to be involved in information security, and set goals for the entire company. Business leaders need to ensure they are keeping track of industry privacy laws and legislations, as well as to conduct periodic security risk assessment audits.
Experts say that on-going training for employees should illustrate to them how and why they need to follow security policies. Similarly, they recommend embedding information security strategies into the workplace culture. Implementing initiatives such as a Clean Desk Policy, or a Shred-All Policy will eventually force information security to be an automatic practice among employees. Physical safeguards such as ID badges required to enter the office are another great way to improve security.
Investing in detection technologies and keeping software updated is a good way to safeguard your confidential information. Also, teaching employees how to support various technologies in security awareness training will help keep sensitive documents secure.
Third-party partners are often given access to sensitive networks and data, but the amount of incidents attributed to current and former partners is growing. Ensure you screen third-party providers on their information security policies and procedures before entering them into your supply chain.
Employees who use commercial mobile apps, such as the Cloud, to store information are one of the biggest security risks. Data security checklists today must include an extensive information security policy regarding mobile devices.
Partner with a reliable document destruction company that will provide you with a secure chain of custody, install locked consoles in your workplace, and high quality on or off site shredding services for paper documents, as well as hard drives and e-media. Ensure that you receive a certificate of destruction after each shredding!