Small to mid-sized business executives and managers often worry about the security of their company's sensitive files. What is the best way to harbor a healthy flow of information while keeping your company information secure?
Most of this kind of sensitive information should not be stored on a computer's hard drive. If someone were to get a hold of client credit card information the company is subject to lawsuits. Instead, consider using a third party services that manages this for you such as PayPal, eBay or AcceptPay. These processors can facilitate transactions but more importantly keep credit card data out of employees' or hackers' reach which will limit the company's exposure and decrease the risk for fraud and identity theft.
Human resource records are an example of information that requires special attention. Be mindful of this and other sensitive company information because what is stored electronically may become a liability.
Most information should be free flowing between departments and staff members. If employees sense that you are trying to hide something there is likely a larger issue to address. Staff should have relevant and pertinent company information related to his/her job function.
Another solution is to have employees sign in using individually assigned usernames and passwords to a secure server. This assures employees are responsible for the company information they save and access.
Before handing out laptops, cell phones and other items to employees consider setting up a remote solution for wiping each device from important company files. If you are worried about expensive hardware disappearing make each employee accountable for the products they are issued either by having them sign a waiver allowing employer to deduct an amount from wages or requiring employees to pay a deposit that will be refunded when the items are returned.
Yes, you want to know what your employees are up to but serious monitoring is somewhat unsettling and extremely time consuming. Website logging, keystroke tracking, videoing or any other form of spying can cause backlash, send the wrong message and create suspicious distrusting employees. Website filters will inevitably block good content along with the bad which can have a negative effect on productivity and cause unnecessary frustration for hardworking employees.
If you detect a problem it is easier to resort to more traditional methods of management such as evaluating a person's daily/weekly productivity and walking around to get a feel for what might be going on in the office. Also, make sure that company policies are in place so that you have a method of recourse in the event of a problem. The company policy should clearly state a web use policy and outline what is unacceptable in the workplace.
Quick checklist for properly securing company information
* Know what files you have and where the information is stored
* Keep only one copy of all current necessary information
* Minimize exposure by getting rid of old and unnecessary files
* Properly dispose of what is no longer needed
* Lock and protect files in your care
* Know what to do if your plan is compromised
* Most importantly, perform regular security assessments
Most of this kind of sensitive information should not be stored on a computer's hard drive. If someone were to get a hold of client credit card information the company is subject to lawsuits. Instead, consider using a third party services that manages this for you such as PayPal, eBay or AcceptPay. These processors can facilitate transactions but more importantly keep credit card data out of employees' or hackers' reach which will limit the company's exposure and decrease the risk for fraud and identity theft.
Human resource records are an example of information that requires special attention. Be mindful of this and other sensitive company information because what is stored electronically may become a liability.
Most information should be free flowing between departments and staff members. If employees sense that you are trying to hide something there is likely a larger issue to address. Staff should have relevant and pertinent company information related to his/her job function.
Another solution is to have employees sign in using individually assigned usernames and passwords to a secure server. This assures employees are responsible for the company information they save and access.
Before handing out laptops, cell phones and other items to employees consider setting up a remote solution for wiping each device from important company files. If you are worried about expensive hardware disappearing make each employee accountable for the products they are issued either by having them sign a waiver allowing employer to deduct an amount from wages or requiring employees to pay a deposit that will be refunded when the items are returned.
Yes, you want to know what your employees are up to but serious monitoring is somewhat unsettling and extremely time consuming. Website logging, keystroke tracking, videoing or any other form of spying can cause backlash, send the wrong message and create suspicious distrusting employees. Website filters will inevitably block good content along with the bad which can have a negative effect on productivity and cause unnecessary frustration for hardworking employees.
If you detect a problem it is easier to resort to more traditional methods of management such as evaluating a person's daily/weekly productivity and walking around to get a feel for what might be going on in the office. Also, make sure that company policies are in place so that you have a method of recourse in the event of a problem. The company policy should clearly state a web use policy and outline what is unacceptable in the workplace.
Quick checklist for properly securing company information
* Know what files you have and where the information is stored
* Keep only one copy of all current necessary information
* Minimize exposure by getting rid of old and unnecessary files
* Properly dispose of what is no longer needed
* Lock and protect files in your care
* Know what to do if your plan is compromised
* Most importantly, perform regular security assessments
No comments:
Post a Comment
Please post your comment relevant to the topic. If you need also can add a link to it but don't spam.