The Identity Theft Resource Center (ITRC) recently reported that data breaches increased by 47% from 2007 to 2008. Data breaches commonly involve unauthorized access to identification and/or financial information that is stored on a company’s computer or network. It can result in severe financial penalties and irreparable damage to a company’s reputation.
The ITRC has also put together a guide for small and mid-sized businesses that contains steps they can take to reduce their exposure to data breaches and identity theft. The guide can be found here. Some of the highlights include: determining the data the company needs and eliminating all other data from the company’s files/network, storing paper files and disks with sensitive information in a locked room and limiting access to that room, implementing proper shredding procedures, minimizing the number of places or computers where financial information is stored, encrypting all sensitive information that is sent over the Internet, ensuring that employees use responsible computer passwords that are not easy to detect and limit access to those passwords, discontinuing the storage of sensitive information on laptops to the extent possible and establishing confidentiality and security procedures and training employees accordingly.