Whether your office is a small medical practice, a mid-sized CPA firm, or a business that deals with less sensitive information, data security is something you need to consider. Obviously, medical offices must keep patient information confidential (HIPAA compliance), and accounting firms have valuable financial and personal information to protect (FACTA compliance). Even a business such as a nail salon still needs to respect customer privacy (e.g., credit card receipts).
Physical documents are relatively easy. If there’s a hard copy, it needs to be locked up or shredded. But what about virtual customer information? Data security applies equally to electronic records and online access.
Make sure any interaction between your website and customers follows the right laws. At the very least you need an up-to-date privacy disclosure. First, understand how your website is used and what information it collects.
As soon as you start collecting email addresses, names, or other information about customers or users, you become responsible for protecting that data from third parties. You also enter into a trust relationship with the individual. So, it’s important to use contact information exactly as you state you will. Spam laws also require that you provide an easy unsubscribe method for newsletters and other marketing materials.
A firewall acts as a barrier between your network and the Internet. Firewalls are an important data security safeguard. Since almost every business is going to need the Internet for something—from taking credit card payments to accessing online claims or records-management software—you need a firewall to govern what information flows from your network to the web and vice versa. Without an appropriate firewall, it’s easier for hackers to access information about your company, customers, or finances.
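To make the "govern what flows in and out" idea concrete, here is an added illustration (not code from the original article) of a small default-deny packet-filter policy: a short ordered rule list is evaluated for each connection, and anything that matches no explicit allow rule is dropped. The office network range, the rule set and the sample connections are constructed assumptions, and the model is deliberately stateless (a real firewall would also track established connections so that replies to allowed outbound traffic get back in).

```python
"""Default-deny firewall policy evaluator (added example; constructed values)."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    direction: str            # "in" (Internet -> office) or "out" (office -> Internet)
    action: str               # "allow" or "deny"
    proto: str                # "tcp" or "udp"
    dst_port: Optional[int] = None   # None matches any port
    src: str = "0.0.0.0/0"    # source network (CIDR); default = anywhere
    dst: str = "0.0.0.0/0"    # destination network (CIDR); default = anywhere
    comment: str = ""


@dataclass(frozen=True)
class Packet:
    direction: str
    proto: str
    src: str
    dst: str
    dst_port: int


# Constructed office LAN range for the example.
OFFICE_LAN = "192.168.10.0/24"

# Ordered rule list: first match wins. Only what the business actually needs
# is allowed out; nothing unsolicited is allowed in.
RULES: List[Rule] = [
    Rule("out", "allow", "tcp", 443, src=OFFICE_LAN,
         comment="HTTPS to payment processor and cloud records software"),
    Rule("out", "allow", "udp", 53, src=OFFICE_LAN, comment="DNS lookups"),
    Rule("in", "deny", "tcp", 3389, comment="no RDP from the Internet"),
    # No other inbound rules: the default-deny fallback in decide() covers them.
]


def matches(rule: Rule, pkt: Packet) -> bool:
    """True if the packet falls within every constraint of the rule."""
    return (
        rule.direction == pkt.direction
        and rule.proto == pkt.proto
        and (rule.dst_port is None or rule.dst_port == pkt.dst_port)
        and ip_address(pkt.src) in ip_network(rule.src)
        and ip_address(pkt.dst) in ip_network(rule.dst)
    )


def decide(pkt: Packet, rules: List[Rule] = RULES) -> Tuple[str, str]:
    """Return (action, reason) for a packet: first matching rule, else default deny."""
    for rule in rules:
        if matches(rule, pkt):
            return rule.action, rule.comment
    return "deny", "default deny: no rule explicitly allows this traffic"


if __name__ == "__main__":
    samples = [
        Packet("out", "tcp", "192.168.10.5", "203.0.113.10", 443),   # HTTPS out
        Packet("out", "tcp", "192.168.10.5", "203.0.113.10", 23),    # telnet out
        Packet("in", "tcp", "198.51.100.7", "192.168.10.5", 445),    # SMB in
        Packet("in", "tcp", "198.51.100.7", "192.168.10.5", 3389),   # RDP in
    ]
    for p in samples:
        print(p.direction, p.proto, p.dst_port, "->", decide(p))
```

The useful property to notice is that the list is short and readable because it only enumerates what is permitted; every new service someone wants to expose has to be added deliberately, which is exactly the review point at which a small business should ask whether the exposure is really needed.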
Companies of all sizes walk a fine line between giving employees efficient access to customer data and creating weak links in data security. Any system, online or offline, that houses identifying customer information must be protected by firewalls and a password system. Access to information should be granted on a need-to-know basis: a bank or medical office receptionist may need basic customer information like names and phone numbers, but he or she doesn’t necessarily need access to loan and account information.
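The receptionist example above is a field-level, role-based access check. The following is an added illustration (not code from the original article) of how an application can enforce it: each role is mapped to the record fields it may read, anything not listed is withheld, an unknown role gets nothing, and every lookup is logged. The role names, field names and the sample customer records are constructed assumptions.

```python
"""Need-to-know access to customer records (added example; constructed data)."""
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, List


class PermissionDenied(Exception):
    """Raised when a role has no read access to customer records at all."""


# Fields each role may read. A field absent from a role's set is never returned
# to that role (default deny), and a field absent from every set (here: ssn)
# is not readable through this interface by anyone.
ROLE_FIELDS: Dict[str, FrozenSet[str]] = {
    "receptionist": frozenset({"name", "phone"}),
    "loan_officer": frozenset({"name", "phone", "account_number", "loan_balance"}),
    "auditor": frozenset({"name", "account_number", "loan_balance"}),
}

# Constructed sample records.
CUSTOMERS: List[Dict[str, object]] = [
    {"id": 1, "name": "Ada Example", "phone": "555-0101",
     "account_number": "ACCT-0001", "loan_balance": 12500.00, "ssn": "000-00-0001"},
    {"id": 2, "name": "Bob Sample", "phone": "555-0102",
     "account_number": "ACCT-0002", "loan_balance": 0.00, "ssn": "000-00-0002"},
]


@dataclass
class AccessLog:
    """Minimal audit trail: who looked at which record and which fields."""
    entries: List[str] = field(default_factory=list)


def allowed_fields(role: str) -> FrozenSet[str]:
    """Fields a role may read; unknown roles get the empty set."""
    return ROLE_FIELDS.get(role, frozenset())


def view_customer(record: Dict[str, object], role: str, log: AccessLog) -> Dict[str, object]:
    """Return only the fields the role is permitted to see, and log the access."""
    fields = allowed_fields(role)
    if not fields:
        log.entries.append(f"DENIED role={role!r} record={record['id']}")
        raise PermissionDenied(f"role {role!r} may not read customer records")
    redacted = {k: v for k, v in record.items() if k in fields}
    log.entries.append(
        f"READ role={role!r} record={record['id']} fields={sorted(redacted)}"
    )
    return redacted


def fields_visible_to_any_role() -> FrozenSet[str]:
    """Union of all readable fields; handy for checking what is never exposed."""
    return frozenset().union(*ROLE_FIELDS.values())


if __name__ == "__main__":
    log = AccessLog()
    print(view_customer(CUSTOMERS[0], "receptionist", log))
    print(view_customer(CUSTOMERS[0], "loan_officer", log))
    try:
        view_customer(CUSTOMERS[0], "janitor", log)
    except PermissionDenied as exc:
        print("denied:", exc)
    print("\n".join(log.entries))
```

Two design points: the filtering happens on the server side before data leaves the system, so a screen that "hides" a column is not the control, and the audit log records denials as well as reads, which is what lets you notice someone repeatedly probing for data they should not have.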
Data Security Awareness
Data security requires constant awareness for everyone in your organization. From scanning old paper files to tightening password security and electronic access, the less available sensitive information is, the easier it is to protect it.