DocuCrunch.com » Better Business Bureau http://www.docucrunch.com Just another WordPress weblog Sun, 27 Nov 2011 20:23:35 +0000 en hourly 1 http://wordpress.org/?v=3.2.1 7 key steps for data security in small businesses http://www.docucrunch.com/data-security-heres-help-for-small-to-midsize-businesses http://www.docucrunch.com/data-security-heres-help-for-small-to-midsize-businesses#comments Tue, 16 Mar 2010 16:49:26 +0000 Steve Hannaford http://www.docucrunch.com/?p=2813 Even small companies have a big problem with data security. It’s inevitable that there will be some critical data (employees’ records, credit card numbers) on the computer system. But in a small company, the most basic security steps often get overlooked.

The Better Business Bureau (BBB), in alliance with software company Symantec, credit card company Visa and several other security-related companies, now offers a free and easy-to-use downloadable package. This package contains help for the non-expert, including checklists, procedures, explanations of risk, and links to other resources on the Web.

The program is called “Data Security – Made Easy.”

It includes lots of practical information on how to get started with data security procedures, how to identify vulnerabilities, and how to evaluate the costs and benefits of new security initiatives. Again, it’s aimed at the owner or manager of a small business who needs to know the basics. Even if you plan to get outside help, you should know what you are paying for and which features you really need.

The BBB outlines a seven-step plan to developing a data security policy:

  1. List what types of data the company stores (names, addresses, account numbers, etc.)
  2. List how that data is stored (paper files, electronic documents, etc.)
  3. List all the places where it’s stored (cabinets, computers, smartphones, external storage)
  4. Make an inventory of how data is moved and who has access to it
  5. Identify which security controls your company has in place, and which you don’t (the BBB provides a checklist)
  6. Evaluate the costs vs. the benefits of the different practices, and identify which ones make sense for the kind of data you have to protect, and
  7. Write them down.

Another particularly useful section is entitled “If Customer Data is Stolen or Lost — What to Do Next.” That’s a situation few businesses are prepared to deal with, and the site gives a checklist of sane procedures to limit damage and liability:

  1. Create a breach notification policy
  2. Train employees to recognize breaches
  3. Gather the facts immediately after a breach
  4. If financial info was taken, notify appropriate financial institutions
  5. Talk to outside counsel, and
  6. Notify affected customers.

It’s an impressive, well-designed site. Even more sophisticated data managers would do well to take a look.

]]> http://www.docucrunch.com/data-security-heres-help-for-small-to-midsize-businesses/feed 1