As a small business owner, you have a responsibility to protect data belonging to your customers, employees and company. And it’s not only data belonging to big businesses that criminals are going after; each day, small organizations fall victim to data breaches resulting in very real consequences. According to AccountingWeb, 80 percent of small businesses that experience a data breach suffer serious financial losses. Luckily, there are valuable lessons to be learned from companies that have already fallen victim.
Don’t exceed retention periods
Records retention periods outline clearly defined periods for holding on to information. However, these timeframes are often mismanaged or altogether ignored. Some small business owners take on a hording mentality, holding on to every last bit of information indefinitely. In addition to creating serious physical space constraints, exceeding retention periods also increases data breach exposure. Although no longer useful, your expired documents and data storage devices may still contain:
- financial information
- proprietary data
- clients’ personal information
In order to prevent identity theft and business fraud, final disposition dates within a retention schedule should always be followed. A professional records management solution ensures that retention guidelines are always followed and that documents and devices containing expired data are destroyed in a timely manner.
Don’t rule out worst case scenarios
Preventing theft of corporate data is a non-negotiable, but so is protecting your information from other circumstances beyond your control. Your data can be permanently lost due to any of the following events:
- natural disasters such as earthquakes, tornadoes and hurricanes
Problems occur when the majority of your data is stored on-site. Disaster recovery and business continuity experts recommend that mission-critical data be stored in a secure location away from your primary place of business. Several factors should be considered when choosing an off-site location:
- technology and methods for managing inventory
- security and surveillance systems
- controlled and limited access to screened personnel
Paper and electronic records have different storage requirements, so all data storage media should be stored and managed in a fire-rated vault equipped with the following:
- ceramic fire walls
- magnetic shielding
- zone 4 earthquake resistance
Don’t assume data security awareness
You have to educate and train your employees about data security best practices. Training can range from common-sense approaches—such as not leaving computer screens and sensitive documents unattended at workstations—to encrypting data prior to exchanging it. Protocols should be established with regard to:
- BYOD (bring your own device)
- secure web browsing
- portable USB use
- file and document retrieval
It’s important to remember that data security education is ongoing and should be scheduled regularly for the good of your business.
Richards & Richards provides records and information management solutions to business throughout Nashville. For more information about how we can strengthen data security for your company, please contact us by phone or complete the form on this page.