Protecting Corporate Information

Teach your staff how to keep a secret

By Jo Averill-Snell, writer, researcher

A small business's information is as important an asset as anything physical it owns. Protect your company's and your customers' data. Many breaches of privacy or releases of sensitive business information are inadvertent and can be prevented by educating employees about confidentiality and using monitoring to confirm compliance. Ensuring your staff follows the right procedures will:

Protect your business by keeping trade secrets and valuable information from your competitors
Keep your customers happy by safeguarding their private information
Defend your company against losses from data theft or fraud

Set policies on confidential information

First, identify what information your business needs to protect (customers' private information, financial data, trade secrets, and so forth). Second, determine who handles that information, and how it should be protected. Your policy should clearly state that the company owns its information and identify the types of information that must be kept confidential, the processes by which data security will be ensured, and the consequences for violating the policy.
Try: The Business Owner's Toolkit has advice about setting confidentiality policies.

Educate your employees about privacy and ownership of information

Communicate your policy at hiring and reinforce it afterwards. Signing each page or item on the policy will demonstrate that employees have read it. A quiz or role-playing training will ensure that employees understand the policy. Enlist your employees' help and make them feel trusted and part of a team. This will not only protect against accidental disclosures but may increase morale and loyalty.
Try: The Better Business Bureau's Security and Privacy Toolkit has information on training employees; so does FindLaw.

Have your employees sign nondisclosure agreements

A nondisclosure or confidentiality agreement is a legal contract between employer and employee that binds the employee to keep the company's information confidential. Consideration (something of value) must be given on both sides; however, on the employers' side consideration can be as simple as "you get to keep your job." However, nondisclosure agreements cannot be too broadly written. Only information which the company can prove is actually important and protected counts. Ideally, nondisclosure agreements should be signed when an employee is hired, but it is possible to implement them later.
Try: Get templates of confidentiality and nondisclosure agreements from LawGuru.com and AllBusiness.com.

Monitor employees as needed

Trust but verify! The more valuable your confidential information is, the more your business must guard against data theft and fraud. For most employees, letting them know what is expected of them is sufficient; for bad apples, monitoring may be necessary. What kind depends on the sensitivity of your information and the size of your business. A mom-and-pop store may simply want a camera over the register to ensure that cashiers don't keep credit card data; a workshop or plant may want to limit access to workrooms or labs.
Try: Monitor what goes on at your workplace through video surveillance; use electronic ID cards, such as SafeNet's smart cards, to control access to doors and computers; or use biometric security devices.

Control electronic communications, Internet use and data transfer

It's common practice to guard your electronic data through software that monitors email, Internet use and file sharing. Here again, let your employees know what your policies are. Reassure them that no one is reading their email for fun but emphasize that all data on company computers is company property and subject to filters and monitoring. Use passwords and access permission to limit the right to see confidential information to only those employees who need it.
Try: There are many software solutions for monitoring and controlling the use of your businesses' computers; here are comparative reviews and links to purchase some top products.