What Your Employees Need to Know about Data Privacy

professional pretty female office worker wearing headset talking with customer and typing data into online system to solve cyber security problem.What do your employees understand about data privacy? Are they putting your customers, vendors or even themselves at risk? In this blog, we discuss key data privacy factors your employees need to know.

Data Privacy Is the Law

Several federal well-known federal laws mandate how companies must store, send, and dispose of personally identifiable information (PII) and protected health information (PHI), including:

  • HIPAA
  • FACTA
  • FERPA
  • GLBA

Failure to comply with these regulations may result in fines and/or penalties, so your employees need to the know the requirements of each law that applies to your organization. Regular training sessions can help your staff stay abreast of privacy compliance regulations.

Data Stored on Electronic Devices is Vulnerable

Data stolen from corporate hard drives, tapes, laptops, and mobile devices fetches top dollar on the black market. As a result, it’s important for employees to maintain a chain of custody for devices issued to them and understand the ramifications if those devices leave their possession. Outdated or unusable devices should never be thrown in the trash or recycled without physical destruction. A media destruction service allows for secure data disposal across your organization. Your unwanted digital devices are professionally destroyed, and you receive a Certificate of Destruction.

Passwords Can Be Broken

Weak password security still poses big problems for small businesses. Easy-to-remember passwords are the most vulnerable to hacking, so your employees should use passwords that combine letters, numbers, and non-alphanumeric characters. A password management application can generate strong, encrypted passwords that are impossible to crack.

Communication is Key

Solid communication is the cornerstone to an effective data privacy plan. As an employer, you’re responsible for talking to your employees about data privacy risks. In turn, your employees are responsible for promptly reporting suspicious emails, links, and attachments to their supervisor. The longer your people take to report threats, the greater the potential for widespread damage.

Nothing Posted on Social Media Is Private

Your employees should use discretion when posting to personal and corporate social media platforms. Every Twitter, Facebook, Instagram, and most other social media posts are discoverable. Cybercriminals scour personal and corporate social media posts for morsels of published information that disclose confidential or proprietary information that can be used for social engineering attacks. Having a social media policy can help define security standards and codes of conduct that reduce privacy risks from expanding to full blown attacks.

For more data protection tips, please contact us by phone or complete the form on this page.

DeVries Business Services proudly serves businesses in Spokane, Eastern Washington and Northern Idaho.