1. Secure sensitive customer and employee data. Store paper files and removable storage devices containing sensitive information in a locked drawer, cabinet, or another secure container. Restrict access to sensitive data to those who have a need to know. Make sure that all such access is recorded in a log so that you have an ongoing history of who has sought such information.
2. Properly dispose of sensitive data. Shred, shred, and shred. Remove all data from computers and storage devices before disposing of them.
3. Employ password protection for all mobile devices such as laptops and smartphones. Create unique usernames and a strong password that is changed periodically.
4. Control physical access to business computers. Create a user account for each employee, including on business laptops, with no exceptions whatsoever. Laptops need to have password protection and be locked when appropriate. Limit network access on computer stations, particularly in reception areas.
5. Encrypt data. This helps protect the security and privacy of files. Make sure encryption is applied to all laptops, mobile devices, flash drives, and backup tapes.
6. Malware protection. Install and use antivirus software. Make sure that potential virus threats are made known to the employee base as soon as possible.
7. Update your systems. Keep all of your software protection updated regularly.
8. Access to your network. Create a firewall. Be careful in attempting to use free security software, as it has the potential to infect your network. Allow remote access to your network only with protected passcodes and through a VPN (Virtual Private Network). To the extent that you have Wi-Fi in your workplace, make sure it is secure and encrypted and that a password is required for access at all times.
9. Verify the security controls of third parties. Be sure that the data protection practices of third parties meet the minimum requirements of your company before you do business with them.
10. Policies and their importance. Document these policies and practices and distribute them to your team. Update your policies and practices regularly. Keep retraining your staff as the need requires.