NFIB

How to Keep Your Business Information Confidential
04/ 09/ 2002

In today's interactive business world almost every type of company generates a great deal of information that should be considered confidential -- finances, employee records and anything else concerning the company's activities that could be harmful in the wrong hands. In today's Workshop, Jeffrey Moses suggests common sense ways to keep this information private.

Confidential information is usually stored as paper records, on computer disk or hard drives, or on servers that archive e-mail and other electronic messaging content. During the "active" stage of stored information (when the information is required to be readily available), it needs to be monitored constantly and kept in locked files or in drives accessible only by authorized individuals. Data and other types of information should not be left onscreen, in fax machines, on desks or in drives that can be accessed without PINs (Personal Identification Numbers) or passwords.

When confidential information is no longer "active," it should be disposed of so that there is no possibility of unauthorized use. "Dumpster diving" is widespread, and private investigators are taught how to effectively sort through trash to find information they need. Disgruntled employees also may have easy access to the most confidential company information.

The safest and most efficient way to dispose of unwanted records in any form is shredding. Depending on an office's need, shredders are available to destroy virtually all types of media, from single checks to entire hard drives and video cassettes.

One of the greatest risks of information leakage is much harder to control. Office workers, managers and executives can relay information to unauthorized individuals both within and outside of a company. Many employees have access to confidential information, and they should be trained in ways to safeguard this information -- including locking away all confidential information, making use of security features on their computers and avoiding inadvertent verbal communications with others.

Of course, this training can be effective only when employees are equipped with proper security devices. All file cabinets and desks should be purchased with security in mind. Computers, storage media and e-mail should have security features that make unauthorized use impossible.

Even the most advanced security systems can break down. But by planning ahead and being conscious of the importance of security, a company can take a firm stand against possible breaches in confidentiality.

Small Business Sound Off
Does this story hit home?  Share your story with us