Monday, July 12, 2010

Task 4: Question 6

4 comments:

  1. I would enforce separation of duties so that no one has access to ALL of the information. Placing firewalls, encrypting data, having a clearly posted policy regarding information access and sharing. Employees would have to sign a contract stating that they would not share/access information that they are not allowed to. This contract would also clearly outline punishment for breaking these rules.

  2. Apart from what you have, I have a couple of other pointers.
    We should have a method by which all the information entities are not on the same computer. We will keep some of the critical information on one of the computers and some on a personal laptop or home desktop of the owner, so that at the time of theft, not all information is available to the person taking the information.

    Ensuring regular backup of information onto another external drive and only keeping certain customer data on the store PC.

  3. Also, we could make sure we are not storing information we do not need or are not legally allowed to save. If we are required to save it, we must determine how long we have to save it. If we are legally saving data for business-related purposes, we should only save it for as long as necessary. We could suffer reputation risk if we have a data breach. Our reputation will take a bigger hit if we had no reason to save the data, saved it for longer than necessary or did not have reasonable security measures in place to protect the data.

  4. Another aspect to this question is the theft.
    We have a wide range of employees: those who worked with grandfather and those who are new, those with different backgrounds and needs.
    Two things we as owners must take care of:
    Employee Trust - This will come from the way we behave toward them, entrust them with tasks, how we talk to them and make them comfortable.
    Control over unethical situations - Any employee caught in an unethical act such as a data breach, stealing goods or cash, must be talked to and then fired. Talking over the act gives other employees a feeling that we as owners listen and give the culprit a chance to speak, and also we as employers get to know what could be the cause for this act. Fire them. Because a pardoned culprit can repeat the act or encourage another employee to do the same.
