What’s the best way to protect the sensitive personally identifying information you need to keep? It depends on the type of information and how it’s stored. The most effective data security plans deal with four key elements: physical security, electronic security, employee training and the security practices of contractors and service providers.

PHYSICAL SECURITY – Many data compromises happen through lost or stolen paper documents.

■ Store paper documents or files, and thumb drives and backups containing personally identifiable information in a locked room or locked file cabinet. Limit access to employees with a legitimate business need.

■ Require that files containing personally identifiable information be kept in locked file cabinets except when an employee is working on the file. Remind employees not to leave sensitive papers out on their desks when they are away from their workstations.

■ Require employees to put files away, log off their computers and lock their file cabinets and office doors at the end of the day.

■ If you ship sensitive information using outside carriers or contractors, encrypt the information and keep an inventory of the information being shipped. Use an overnight shipping service that will allow you to track the delivery of your information.

■ If you have devices that collect sensitive information, like PIN pads, secure them so that identity thieves can’t tamper with them.

ELECTRONIC SECURITY – Make it your business to understand the vulnerabilities of your computer system, and follow the advice of experts in the field.

■ General Network Security

✓ Identify the computers or servers where sensitive personal information is stored.

✓ Identify all connections to the computers where you store sensitive information. These may include the internet, electronic cash registers, computers at branch locations, computers used by service providers to support your network, digital copiers, and wireless devices like smartphones, tablets, or inventory scanners. Assess the vulnerability of each connection to attacks.

✓ Don’t store sensitive consumer data on any computer with an internet connection unless it’s essential for conducting your business.

✓ Encrypt sensitive information that you send to third parties over public networks (like the internet), and encrypt sensitive information that is stored on your computer network, laptops, or portable storage devices used by your employees.

✓ Regularly run up-to-date anti-malware programs on individual computers and your network servers.

✓ Restrict employees’ ability to download unauthorized software.

✓ When you receive or transmit credit card information or other sensitive financial data, use Transport Layer Security (TLS) encryption or another secure connection that protects the information in transit.

✓ Pay attention to the security of your web applications since they may be vulnerable to a variety of attacks.

Mar/Apr | The Retailer Magazine | 25
