Data security is a crucial concern for businesses with the rise of hacking incidents and technological developments that make it easier to gain access to servers, databases and secure file storage systems. With paper files, a data destruction company would be tasked with shredding, disposing and properly accounting for disposed files. These tasks are still essential in today’s business environment, but the scope of data security has expanded to cover all angles of records management, storage and disposition.

Data Collection

Limit collection of sensitive information from clients and business partners. When you are given access to identifying information such as Social Security numbers, birthdates and account numbers, securing this information becomes your responsibility. As such, limit collection of personal information only to those that your company actually needs to do business.

Access to Sensitive Information

Restrict personnel access to sensitive information by establishing a chain of command where only authorized personnel can retrieve data and only for a specific purpose and time period. Access can be monitored through digital or standard sign-in sheets.

Data-rich digital files and all classified information should be password-protected. In addition, access to these files should be limited to pre-cleared personnel as needed. Software programs should be in place to track access, limit file transfers and restrict printing and copying of classified information.

When it comes to password technologies, recent developments have expanded the ways in which access to sensitive data can be controlled. Touch screen interface now allows for graphic passwords that will need knowledge of pre-selected swipes to unlock files or grant access to application software. High-value data calls for more stringent measures including fingerprint scanners, retina readers, facial recognition and voice recognition technologies.

Distribution of Information

Transfer of digital files should require encryption software. File transfers should only be made through secure channels and behind firewalls.

Printouts of sensitive data should be circulated on an as-needed basis and only to personnel who need to know the information. Hard copies should be secured behind lock-and-key and destroyed when no longer needed. The use of portable storage devices such as USB drives and other external devices to store and transfer sensitive data should be subject to security monitoring.

Monitor software and all applications that are downloaded and used on company-owned equipment including cell phones, tablets and computers.

Data Disposal

Businesses should have a program in place that engages a data destruction company to shred paper files that no longer need to be archived. The program should include management, wiping and destruction of drives and portable storage devices.

Audit data management programs as needed to determine weak links and loopholes that may expose sensitive information to hackers and unauthorized users.

Personnel

Often, the weakest link in an otherwise well-planned data security program will be the personnel behind it. Ensure that individuals who are given access to sensitive information have been properly vetted. Occasional background checks should be conducted during the course of their employment and this requirement should be spelled out as part of pre-employment screening.

When a security breach exposes a company’s vulnerabilities, it will affect business reputation and viability in terms of loss of credibility and potential business. Effective data security needs to cover all aspects of data management.