
Protecting Personal Information
A Guide for Business
EMPLOYEE TRAINING

Your data security plan may look great on paper, but it’s only as strong as the employees who implement it. Take time to explain the rules to your staff, and train them to spot security vulnerabilities. Periodic training emphasizes the importance you place on meaningful data security practices. A well-trained workforce is the best defense against identity theft and data breaches.

  • Check references or do background checks before hiring employees who will have access to sensitive data.

  • Ask every new employee to sign an agreement to follow your company’s confidentiality and security standards for handling sensitive data. Make sure they understand that abiding by your company’s data security plan is an essential part of their duties. Regularly remind employees of your company’s policy—and any legal requirement—to keep customer information secure and confidential.

  • Know which employees have access to consumers’ sensitive personally identifying information. Pay particular attention to data like Social Security numbers and account numbers. Limit access to personal information to employees with a “need to know.”

  • Have a procedure in place for making sure that workers who leave your employ or transfer to another part of the company no longer have access to sensitive information. Terminate their passwords, and collect keys and identification cards as part of the check-out routine.

  • Create a “culture of security” by implementing a regular schedule of employee training. Update employees as you find out about new risks and vulnerabilities. Make sure training includes employees at satellite offices, temporary help, and seasonal workers. If employees don’t attend, consider blocking their access to the network.

  • Train employees to recognize security threats. Tell them how to report suspicious activity and publicly reward employees who alert you to vulnerabilities.

  • Consider asking your employees to take the FTC’s plain-language, interactive tutorial at www.ftc.gov/infosecurity

  • Tell employees about your company policies regarding keeping information secure and confidential. Post reminders in areas where sensitive information is used or stored, as well as where employees congregate. Make sure your policies cover employees who telecommute or access sensitive data from home or an offsite location.

  • Warn employees about phone phishing. Train them to be suspicious of unknown callers claiming to need account numbers to process an order or asking for customer or employee contact information. Make it office policy to double-check by contacting the company using a phone number you know is genuine.

  • Require employees to notify you immediately if there is a potential security breach, such as a lost or stolen laptop.

  • Impose disciplinary measures for security policy violations. 

  • For computer security tips, tutorials, and quizzes for everyone on your staff, visit www.OnGuardOnline.gov.

Security Practices of Contractors and Service Providers

Your company’s security practices depend on the people who implement them, including contractors and service providers.

  • Before you outsource any of your business functions—payroll, web hosting, customer call center operations, data processing, or the like—investigate the company’s data security practices and compare their standards to yours. If possible, visit their facilities.

  • Address security issues for the type of data your service providers handle in your contract with them.

  • Insist that your service providers notify you of any security incidents they experience, even if the incidents may not have led to an actual compromise of your data.