A recent survey shows that small businesses are specifically being targeted by cybercriminals – because data is not as secure as it should be. In fact, according to the Verizon 2011 Data Breach Investigations Report, most data breaches could be avoided if companies had fundamental security precautions in place.
Having a privacy policy is the first order of business. Here are three additional areas where small businesses can improve their information security:
EMPLOYEE TRAINING. Thirty one percent of small businesses have never trained their employees about the importance of information security. Start holding quarterly training or retraining sessions for all employees so the privacy policy is understood and followed.
COMPLIANCE REQUIREMENTS. Many small businesses do not realize that protecting sensitive information is the law. Stay up-to-date about privacy legislation in your industry and be sure any policies are adapted and reinforced.
DOCUMENT DESTRUCTION. More than half of the 24.6 million small businesses in the U.S. do not have a secure method of document destruction. Experts recommend a regularly scheduled document destruction process so confidential paper waste doesn’t accumulate. Shredding – documents and e-media – is the preferred method of destruction. Confidential documents that need to be destroyed should be in locked consoles before they are securely shredded. A reputable shredding company will recycle shredded paper products as well and provide a Certificate of Destruction after every shred.