
The Steps to Take to Protect your Customers’ PII (Personally Identifiable Information)

If you have a company, chances are you keep a log of your customers’ personally identifiable information (PII), such as names, addresses, phone numbers, and credit card numbers, readily available to perform business functions. If so, what steps do you take to protect all this sensitive data? It is important to keep this information private and secure; otherwise it could end up in the hands of people who wish to do harm, whether financial, cyber, or of another form. Leaving this information unprotected and susceptible to thieves and/or hackers could mean the loss of loyal customers and their trust, and possibly even a lawsuit. Keeping sensitive information protected and out of the hands of would-be thieves not only protects you and your customers, but it’s a good business practice as well. Let’s take a look at some steps you can take to protect this information:

 

  • Inventory – The first step to protecting this information is to know what information you have and where it is located. In our current digital age, the majority of this information is probably on your computer. To this effect, inventory any and all electronics which store data. The next step in this process is to identify: who sends information, how your company receives and processes it, the kind of information you collect and where it is kept and, finally, who has access to it. You should focus most of your attention on personally identifiable information, as thieves will mostly use this to commit fraud and/or identity theft.
  • Minimize – The next step to take in protecting information is to really consider if your business needs to keep it in the first place. If not, make adjustments to the electronics which receive information and dispose of the information securely and properly. If, however, you find the need to keep this information, only keep it for as long as necessary.
  • Keeping it Secure – Once you determine the information you need to keep, be sure you have a proper procedure for doing so safely and securely. This can be done in one of the following four ways: physical security, electronic security, employee training, and the security protocols used by contractors and service providers. Whichever you choose, be sure to store the information properly and securely, keeping up-to-date with any modifications or updates on the best practices of storing information.
  • Proper Disposal – When you’ve decided to get rid of data, what do you do? How do you get rid of it? You can dispose of physical paper records by shredding, burning, or pulverizing. If you’re looking to dispose of electronics which contain sensitive client information, use software to clean out the hard drives and disks where this information is stored. Be sure all employees follow the same procedures.

 

  • Plan for the Future – Security breaches are a threat to any company and its clients. Implement an effective security plan to combat any security attack or breach. In the case of a compromised computer, the first step should be to disconnect it from the network. If a security incident does occur, investigate it immediately to determine and close up threats and vulnerabilities. Lastly, know whom to notify both inside and outside the company in the case of a security breach. This may include customers, law enforcement, and/or credit bureaus. Consult your attorney as well, as a number of states have laws and regulations in place to properly address data breaches.
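
For the Inventory and Minimize steps above, one way to find where card numbers, Social Security numbers and phone numbers sit in text files, as an added example that is not part of the original article. The file names, sample records and patterns are constructed assumptions; the report masks every value so that it does not become another copy of the data.

```python
import re

# Constructed sample data (not real customer records); file names are hypothetical.
SAMPLE_FILES = {
    "orders.csv": "id,name,card\n1,Ann Lee,4111 1111 1111 1111\n2,Bo Ray,1234 5678 9012 3456\n",
    "notes.txt": "Call Ann at 555-867-5309. SSN on file: 078-05-1120.\n",
    "readme.txt": "Store hours are 9 to 5.\n",
}

# Simplified US-style patterns; a real inventory would tune these to its own data.
PATTERNS = {
    "card": re.compile(r"\b(?:\d[ -]?){13,19}\b"),
    "ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "phone": re.compile(r"\b\d{3}[-.]\d{3}[-.]\d{4}\b"),
}


def luhn_ok(candidate):
    """Luhn checksum: filters out digit runs that cannot be card numbers."""
    digits = [int(c) for c in candidate if c.isdigit()]
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:  # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def mask(value):
    """Keep only the last four digits so the report is not itself a PII store."""
    digits = re.sub(r"\D", "", value)
    return "*" * (len(digits) - 4) + digits[-4:]


def inventory(files):
    """Return (file, line number, kind, masked value) for each PII hit."""
    findings = []
    for name, text in files.items():
        for lineno, line in enumerate(text.splitlines(), 1):
            for kind, pattern in PATTERNS.items():
                for match in pattern.finditer(line):
                    if kind == "card" and not luhn_ok(match.group()):
                        continue  # e.g. an order number that merely looks long
                    findings.append((name, lineno, kind, mask(match.group())))
    return findings


if __name__ == "__main__":
    for finding in inventory(SAMPLE_FILES):
        print(*finding, sep="\t")
```

Files that turn up in the report with no business reason to hold that data are candidates for the Minimize and Proper Disposal steps.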

BLS Provider CPR (1-day Initial or Renewal Course, multiple sessions available)

(Initial or Renewal Course based on the 2015 AHA Guidelines)
Basic Life Support (BLS) is the foundation for saving lives after cardiac arrest. This course teaches both single-rescuer and team basic life support skills for application in both in-facility and prehospital settings. This course is designed for healthcare professionals and other personnel who need to know how to perform CPR and other basic cardiovascular life support skills.

In addition, BLS training can be appropriate for first responders, such as police officers and firefighters, as well as for laypeople whose work brings them into contact with members of the public, such as school, fitness center, or hotel and restaurant employees.

Students must pass a written exam and skills test in order to qualify for a BLS Course Completion Card.
Upon successful completion of this course, students will receive a completion card valid for 2 years.

Conveniently scheduled on Saturday, please choose the session that works best for you.


Data Security Part II Practical Tips

Our growing dependence on technology, whether at the office, at home, or on our mobile devices, demands equal (if not greater) attention to data security. While computers can be enormous time-savers and powerful business tools, they can also leave you, your family, and your business open to cyber attacks aimed at gaining critical information.

Business IT departments are busy keeping a vigilant eye on the latest trends in “cyber security,” but this responsibility lies not solely with the IT experts but with individuals as well. This shared awareness means that safety measures must be taken by all family members and at every level of a company’s infrastructure. Leaving yourself open to a data breach can be either unintentional or done knowingly. Here are a few tips for non-IT experts to follow on a daily basis to ensure the integrity of the data on your devices.

  • Password Management – Believe it or not, users are still making poor password choices. Statistics show that a hacker can access files within 12 seconds if a password is only 5 characters long. The odds get even worse if the password is something personal to the owner. Passwords should be backed by two-factor authentication, be changed routinely, consist of varying numbers/characters, and not be stored on the device. It is hard to believe that even in 2015, with cyber attacks up 400% from just a few years ago, people still use the word “password” as their password!
  • Keep your devices locked up – Never leave your laptop, phone, tablet or desktop open to outsiders.  This means that all computers should be carefully locked up from outside subcontractors/clients/competitors etc. (like office cleaning crews). They should not be out of your sight when traveling or bringing your devices to client meetings or other out-of-office events.
  • Keep current on updates – Make sure that all the existing security settings your computer comes with are turned on. With automatic updates your computer can scan regularly at the optimal level for viruses and spyware. Stay current on spyware and antivirus programs by looking into add-on programs. Bankrate made several suggestions in their latest article on data security. They include: ZoneAlarm, Ad-Aware, or Spybot Search & Destroy.
  • Be wary of attachments or downloads – Never open or execute any e-mail attachment if you don’t know the person. Spam attacks are getting more polished and harder to identify. Even forwarded messages from friends can contain dangerous URLs.
  • Be careful when surfing publicly – You will inevitably use your devices in a public setting, whether out at dinner with a client or at a coffee shop catching up on work. While it is tempting to open and access files that are on remote computers, realize that you are also opening yourself to a major security risk and are depending on a third party for security.

For even more tips, visit the United States Computer Readiness Team website, where they have an extensive resource list for all your data security questions.

Data Security – Part I Statistics

“Data breach.  We’ve been hacked!”  Two phrases that every IT department dreads hearing.  According to a recent study by IBM Security,  2.5 quintillion bytes of data are created daily.  That is an immense amount of information to protect from hackers, inside thefts, poor security protocols, and stolen or lost media. Data security, therefore, is a critical part of protecting data such as databases, applications or reports across business and personal environments.  How prevalent are security attacks?  Let’s investigate security statistics and who is commonly attacked.

Security by-the-numbers – The Global Security Report by Trustwave sheds light on the widespread and growing number of security breaches worldwide.

  • 71% of security breaches target small businesses – small businesses are usually the least equipped to protect against an attack. Most hackers will prey on the weak.
  • 69% of cyber attacks target retailers and restaurants – due to the large amount of sensitive credit card data that passes through these types of small businesses, they have become a prime target for profit seeking attackers.
  • 28,765 records are stolen on average per data breach – this statistic shows that businesses are storing more sensitive information than they should – more information than is safe.
  • USD40 million – This is the estimated cost in US dollars due to security breaches.

While small businesses are common targets for hackers and cyber criminals, large corporations are not immune to security attacks. For example, here are some of the more recent data breaches from this year alone.

  • Anthem, the world’s second-largest health insurer, reported that the names, dates of birth, social security numbers, member IDs, addresses, phone numbers, email addresses and employment information of 80 million members were compromised.
  • Home Depot reported this year that malware was installed on cash register systems across 2,200 stores that siphoned credit card details of 56 million customers. It is believed that Russian hackers are responsible. It is possible that the hackers are the same group that attacked Target, Sally Beauty, and P.F. Chang’s.
  • Target investigators believe that data was stolen via software installed on computers. The software was able to gather credit card information each time a credit card was swiped during a purchase. It is believed that 40 million customers were affected.
  • eBay, one of the largest online retailers, reported one of the largest breaches this year, with hackers using stolen credentials to access a database containing all user records. 145 million people were impacted.

Data security is a topic that all companies, large and small, need to address. Check back for tomorrow’s blog, where we will continue our discussion of data security protection.