Spring Cleaning for Your SMB: Document Security
Appropriately Secure and Dispose of Business Data
It may still be winter, but the first buds of spring are right around the corner. For your Small and Mid-Sized Business (SMB), the annual spring cleaning ritual doesn’t mean simply dusting off the shelves and organizing the supply closet. It’s also about forming secure habits for your business operations and protecting against data intrusions that could ultimately impact your organization’s name, and your bottom line.
What Types of Data Should I Secure?
If a document includes any type of Personally Identifiable Information (PII), your company is responsible for protecting it. Documents with critical data may include word processing documents, electronic spreadsheets, customer databases, financial files, human resources files, and accounts receivable/payable files. If this information were exposed through a data breach, it could spell financial and reputational disaster for you and your business.
Train Your Staff on Security Protocols
Whether you have one employee or 99, it’s crucial that you teach them how to securely handle documents and devices to keep your business protected. According to the 2018 Shred-It Report, 51 percent of SMB owners in the U.S. identify employee negligence as their biggest information security risk. Quite often minor mistakes are what lead to serious consequences – including data breaches and identity theft – and it is your responsibility as a business owner to safeguard all business, customer, and employee data within your organization.
Three Tips to Secure Your Business Data
1. Don’t leave documents out in the open. If an essential document requires a physical copy, keep it locked in a file cabinet. Only designated employees should have access to these documents.
2. Go paperless and save important files to a drive or secure cloud storage server. Make data backup part of your routine business operations.
3. Encrypt your data in transit and at rest, making it unusable should hackers gain access.
Properly Dispose of Outdated Documents
After backing up and securing all important documents and data, secure disposal of documents your business no longer needs is vital to your information cleaning efforts. Every business holds different data, thus it’s important to distinguish the right way to dispose of outdated documents and machines.
Three Business Data Disposal Tips
1. Shred all documents that are no longer necessary, including tax records. Research the nearest community shredding event if you don’t have a shredder onsite.
2. Hard drives cannot simply be erased and recycled, they must be suitably destroyed before disposal.
3. Although penalties vary by state, avoid a hefty fine by following secure data disposal procedures that meet, or exceed, those requirements.
Devote the time to clean up your business documents to ensure your sensitive client and employee information is protected. Stay tuned next month for more tips on spring cleaning for your small business.
Tips to Clean Up Your Business Data
- Password Protect Your Data. Use strong passwords to safeguard systems that hold sensitive documents.
- Research a Backup Cloud System. Make sure you are backing up your business data into a secure database.
- Invest in a Hard Drive Destroyer. Solely erasing a computer’s memory is insufficient, as hackers can still recover the information. Be sure to use an R2 or e-stewards certified vendor for any disposal, shredding, or wiping to guarantee all data is securely destroyed.
- Encrypt All Data. By encrypting your digital data, your information will be useless to hackers that attempt to attack your organization.
Recommended for you: 5 Ways Cybercriminals Are Targeting Your SMB
This blog is provided for informational purposes only and may require additional research and substantiation by the end user. In addition, the information is provided “as is” without any warranty or condition of any kind, either express or implied. Use of this information is at the end user’s own risk. CenturyLink does not warrant that the information will meet the end user’s requirements or that the implementation or usage of this information will result in the desired outcome of the end user.