Whether it’s corporate secrets, proprietary company information or personal information, it’s common sense that we should always take the necessary steps to safeguard sensitive information so that it remains safe and secure.
When your sensitive information gets into the wrong hands, it can be devastating. We hear of so many cases with tragic consequences after the fact, where information was obtained easily due to lax security policies, inadequate safeguards and short-sightedness.
Here are some ideas to help you safeguard sensitive information.
Basics to Safeguard Sensitive Information
Obtain support for information security from senior management.
Do not waste resources protecting that which does not require protection.
Identify which information should be protected and for how long.
If extremely sensitive, material should be hand-carried or transmitted using encryption techniques.
To dispose of sensitive material, shred it, burn it or make it unreadable.
Valuable company information must not be left unattended in hotel rooms. This includes hardcopy, laptops, ipads, tablets, computer disks and cell phones.
E-mail and voicemail passwords must be protected and changed frequently.
All sensitive materials must be removed from conference rooms and chalkboards and whiteboards erased after meetings.
Where possible, conduct background investigations on all individuals with access to safeguard sensitive information.
Obtain nondisclosure agreements from employees, vendors, and others with access to proprietary information.
Take appropriate steps to control and monitor all computers, laptops, smartphones, cellphones, ipads, and tablets that contain or have access to sensitive information.
Seek a professional security audit from a licensed expert to understand your exposure and get suggestions in order to safeguard sensitive information.
Education: How To Safeguard Sensitive Information
Educate your staff on the importance of safeguarding information.
Determine the monetary/competitive value of your information.
Develop information safeguarding guidelines that are practical and user friendly
Get user input and buy-in when developing an information security program.
Ask knowledgeable employees what should be protected; they know the market and the competition.
Form a partnership with the organization’s legal and information systems departments to better address information security issues.
Identify and get the cooperation of senior stakeholders in key areas, such as technology, finance, personnel, and marketing.
Train and periodically remind-from the first day of work through the exiting process–the appropriate people why certain information needs protection and of the guidelines used to protect it.
Work with management to decide what access will be given consultants, subcontractors, and joint-venture partners.
Partner with the legal department and others to develop a process to review employee publications, such as papers and speeches including those to be placed on the Internet.
Ask new employees if they are obligated under any confidentiality or nondisclosure agreements.
Use annual performance reviews to remind employees of their obligations.
Always Remember: Someone Wants Your Sensitive Information
Disgruntled employees are the greatest threat to your organization.
Telephone conversations, both fixed and mobile, are vulnerable to intercept.
Information regarding the movement of your company aircraft, including routes and destinations, is available for sale on the Internet.
Be knowledgeable of your organization’s physical assets, information assets, and vulnerabilities.