Protecting Corporate Information | How-to Guides for running your business from Business.com

A small business's information is as important an asset as anything physical it owns. Protect your company's and your customers' data. Many breaches of privacy or releases of sensitive business information are inadvertent and can be prevented by educating employees about confidentiality and using monitoring to confirm compliance. Ensuring your staff follows the right procedures will:

Protect your business by keeping trade secrets and valuable information from your competitors
Keep your customers happy by safeguarding their private information
Defend your company against losses from data theft or fraud

Action Steps
The best contacts and resources to help you get it done

Set policies on confidential information

First, identify what information your business needs to protect (customers' private information, financial data, trade secrets, and so forth). Second, determine who handles that information, and how it should be protected. Your policy should clearly state that the company owns its information and identify the types of information that must be kept confidential, the processes by which data security will be ensured, and the consequences for violating the policy.

I recommend: The Business Owner's Toolkit has advice about setting confidentiality policies.

Educate your employees about privacy and ownership of information

Communicate your policy at hiring and reinforce it afterwards. Signing each page or item on the policy will demonstrate that employees have read it. A quiz or role-playing training will ensure that employees understand the policy. Enlist your employees' help and make them feel trusted and part of a team. This will not only protect against accidental disclosures but may increase morale and loyalty.

I recommend: The Better Business Bureau's Security and Privacy Toolkit has information on training employees; so does FindLaw.

Have your employees sign nondisclosure agreements

A nondisclosure or confidentiality agreement is a legal contract between employer and employee that binds the employee to keep the company's information confidential. Consideration (something of value) must be given on both sides; however, on the employers' side consideration can be as simple as "you get to keep your job." However, nondisclosure agreements cannot be too broadly written. Only information which the company can prove is actually important and protected counts. Ideally, nondisclosure agreements should be signed when an employee is hired, but it is possible to implement them later.

I recommend: Get templates of confidentiality and nondisclosure agreements from LawGuru.com and AllBusiness.com.

Monitor employees as needed

Trust but verify! The more valuable your confidential information is, the more your business must guard against data theft and fraud. For most employees, letting them know what is expected of them is sufficient; for bad apples, monitoring may be necessary. What kind depends on the sensitivity of your information and the size of your business. A mom-and-pop store may simply want a camera over the register to ensure that cashiers don't keep credit card data; a workshop or plant may want to limit access to workrooms or labs.

I recommend: Monitor what goes on at your workplace through video surveillance; use electronic ID cards, such as SafeNet's smart cards, to control access to doors and computers; or use biometric security devices.

Control electronic communications, Internet use and data transfer

It's common practice to guard your electronic data through software that monitors email, Internet use and file sharing. Here again, let your employees know what your policies are. Reassure them that no one is reading their email for fun but emphasize that all data on company computers is company property and subject to filters and monitoring. Use passwords and access permission to limit the right to see confidential information to only those employees who need it.

I recommend: There are many software solutions for monitoring and controlling the use of your businesses' computers; here are comparative reviews and links to purchase some top products.

Tips & Tactics
Helpful advice for making the most of this Guide

Communicate your confidentiality policies clearly and often; employees will take confidentiality to heart if it becomes part of your company's culture.
Let your customers know that you carefully guard their personal information. It will boost their confidence and help build your business.
Protect your data and assets, but beware of going too far. Creating a Big Brother atmosphere may alienate your employees and harm productivity.
Don't allow monitoring or need-to-know access policies to impede work flow. Confidentiality should be part of the job, not a block to productivity.

More Featured Listings

Confidentiality and Employee Monitoring Tools
Stop Web abuse in the workplace. Monitor employee Internet access with accurate, detailed reports. Anonymous ID option helps maintain confidentiality.
Free Trial
www.Wavecrest.net