
Industrial Communications, Inc.

and Subsidiary, Basin Comm. Systems, Inc.

Policy and Guide for Protecting Personal Information

Keeping information secure


Are you taking steps to protect personal information? Safeguarding sensitive data in your files and on your computers is just plain good business. After all, if that information falls into the wrong hands, it can lead to fraud or identity theft. A sound data security plan is built on five key principles:

Take stock. Know what personal information you have in your files and on your computers.
Scale down. Keep only what you need for your business.
Lock it. Protect the information in your care.
Pitch it. Properly dispose of what you no longer need.
Plan ahead. Create a plan to respond to security incidents.

Effective data security starts with assessing what information you have and identifying who has access to it. You can determine the best ways to secure the information when you understand how personal information moves into, through, and out of our office and who has, or could have, access to it. Inventory all computers, laptops, flash drives, disks and file cabinets to find out where sensitive data is stored.

Take stock
Who sends sensitive personal information to you?
1. Customers
2. Credit card companies, banks or other financial institutions
3. Credit bureaus
4. Other businesses

How is it received?
1. Website
2. Email
3. Mail
4. Phone

What kind of information is collected at each entry point?
1. Credit card information
2. Driver's license number
3. Social Security number
4. Other banking information

Where is this information kept?
1. Computer database
2. On individual laptops
3. On disks or tapes
4. In file cabinets

Scale down
If you don't have a legitimate business need for sensitive personally identifying information, don't keep it. In fact, don't even collect it. If you have a legitimate business need for the information, keep it only as long as it's necessary. Use Social Security numbers only for required and lawful purposes like reporting employee taxes. Don't use Social Security numbers unnecessarily, for example, as an employee or customer identification number. The law requires that only the last 4 digits be printed on credit and debit card receipts. Don't keep customer credit card information. Keeping this information, or keeping it longer than necessary, raises the risk that the information could be used to commit fraud or identity theft.

Lock it
What's the best way to protect the sensitive personally identifying information you need to keep? It depends on the kind of information and how it's stored. The most effective data security plans deal with three key elements: physical security, electronic security and employee training.

Physical Security

Many data compromises happen the old-fashioned way: through lost or stolen paper documents. Often, the best defense is a locked door or an alert employee. Store paper documents or files, as well as CDs, floppy disks, zip drives, tapes, and backups containing personally identifiable information, in a locked room or in a locked file cabinet. Limit access to employees with a legitimate business need. Control who has a key, and the number of keys. Remember not to leave sensitive papers out on your desk when you are away from your workstation. Put files away, log off your computer, and lock your file cabinet.

Electronic Security

Don't store sensitive consumer data on any computer with an Internet connection unless it's essential for conducting your business. Regularly run up-to-date anti-virus and anti-spyware programs on individual computers and on servers on your network.

Control access to sensitive information by using strong passwords. Tech security experts say the longer the password the better. Simple passwords, like common dictionary words, can be guessed easily. Choose passwords with a mix of letters, numbers, and characters. User names and passwords should be different, and should be changed frequently. Don't ever share your passwords or post them near your workstations when sensitive information is involved. Watch out for possible calls from identity thieves attempting to deceive you into giving out your passwords by impersonating members of our IT staff. Calls like that are always fraudulent. No one should be asking you to reveal your passwords. When installing new software, immediately change vendor-supplied default passwords to a more secure, strong password.

Use caution when transmitting sensitive personally identifying data (Social Security numbers, passwords, account information) via email.

Laptops are restricted to those employees who need them to perform their jobs. Assess whether sensitive information really needs to be stored on a laptop. If not, delete it with a wiping program that overwrites data on the laptop. Laptops should be stored in a secure place and, if sensitive information is involved, secured to employees' desks.
