8 Tips to Help Reduce Your Risk of a Data Breach

Date: July 15, 2013


1. Lock and Secure Sensitive Information Stored in Paper Files and on Removable Storage Devices

Theft or loss, and the subsequent unauthorized release, of sensitive data or Personally Identifiable Information (PII) (e.g. Social Security number, credit/debit card information, medical records/charts) stored in paper files and/or on a removable storage device (e.g. computer disk, thumb drive) may constitute a data breach. Never leave sensitive information unattended. Store it in a locked drawer, cabinet, safe or other secure container when not in use. Also consider installing an alarm system that alerts law enforcement if you have a break-in on your premises.

2. Restrict Access to Data

Restrict access to sensitive data, whether physical or electronic, to those who have a “need to know.” Most employees do not need unrestricted access to your company’s entire network. Remember to limit network access on computer stations located in public spaces, such as the reception area.


3. Properly Dispose of Sensitive Data When No Longer Needed or Required

Shred documents containing sensitive data prior to recycling. Remove all data from computers and electronic storage devices – including those on copy machines – prior to disposing of them.

4. Record and Regularly Review Data Practices

Distribute and explain data protection practices to all employees. Review and revise these practices on a regular basis – at least annually. Make sure to retrain staff as changes to your data practices are made.


Data Loss by the Numbers

  • 64% of data breaches in 2010 were from organizations with fewer than 100 employees
  • 95% of all credit card breaches are against small business
  • 52% of small business owners reported they have no data security policy

5. Password Protect Systems

Password protection helps to prevent unauthorized access to sensitive information, protect the security of personal information and prevent unauthorized access to user and email accounts. All users should be assigned unique user names and strong passwords for access to systems, and those passwords should be changed at least quarterly. Conduct a password audit on a regular basis.

6. Encrypt Data

Encryption helps protect the security and privacy of files as they are transmitted or while on your computer. Install encryption onto all laptops, mobile devices, flash drives and back-up tapes, and encrypt emails that contain sensitive information.

7. Ensure That Remote Access to Your Network Is Secure

Remote access to your network should be made through appropriately enabled Virtual Private Network (VPN) connections and multi-factor authentication (e.g. soft tokens or fingerprints in addition to passwords). Passwords should be changed on a regular schedule and meet minimum complexity and length requirements.


8. Keep Software and Operating Systems Current

Keeping your software and operating systems current by installing software and security updates is your first line of defense against hackers, who often take advantage of unprotected systems to gain access to sensitive data stored on a computer.

You should also have a firewall and up-to-date anti-virus programs. A firewall helps to prevent your system from being attacked, while anti-virus software inspects the files and programs on your system to ensure they are not infected. Both are critical in helping to protect sensitive information stored electronically.

To maintain the most up-to-date protection, download recently issued system and security updates, as well as antivirus and anti-malware updates, to help protect against the newest forms of viruses, Trojan horses and other malicious software.


NOTE: If your network security functions are outsourced to a 3rd Party, obtain documentation to understand how your company’s data is protected, and, when appropriate, perform on-site due diligence. It’s also important to have contract language that specifies privacy and data security expectations and grants you the right to audit the 3rd Party.

While these data protection policies, procedures and training can help reduce the likelihood of a data breach, no company can be completely certain that its customer, patient or employee data could never be at risk. For this reason, it is important for companies to also have appropriate data breach insurance coverage in place.

-Content provided by The Hartford Financial Services Group
