How to Physically Keep Sensitive Data Secure

Today I want to talk about physical security and maybe go a little more in-depth than previuosly. I actually worked with an individual who lost sensitive data and it was through a physical method that they lost it. A lack of physical security. So she had a truck all kitted out to come out to your location to shave your dog, shave your cat, whatever was needed. And when she would come out to that location to perform that service for customers, she would take payment from them. Now she may take payment with cash or check, but she also took credit card payments. Now the caveat to that is, she didn’t actually have a mobile payment method with her. She had her credit card processing terminal at her storefront location. And it was stolen.

It begs the question whether she should have had that data stored in that manner anyway. But the reality is a simple lock on that door, putting an electronic device with electronic controls, those things could have protected her. But unfortunately she didn’t have those controls and she was compromised. In truth it’s actually kind of a bizarre method to process. To say, hey! can I write it down on a piece of paper and take a back to process? I promise I’ll do in a safe and a secure fashion. That person’s put their trust in you. Your customers put trust in you. And the trust was lost. She had to go back to her customers and inform the customer I just lost your data while I was eating lunch. The reality is, she’s one of many people that are losing data. You hear about these big medical breaches, the physical security, the physical breaches breaches if you will, are having a major leak in the medical industry because everybody is storing patient data on some type of backup device or on a laptop or tablets.

It’s happening a lot. It’s ease of use. Wherever you’re at, your in a medical profession, you’re trying to provide medical services to patients as quickly as he can. I mean you don’t want anything to hinder that patients medical service. So we put on an electronic device, which makes it easier for us to access, easier for us to diagnose and treat, and we don’t protect it. We put it in a vehicle, we leave it in an office that’s unlocked, we didn’t document where it was at and it gets stolen. Your business may be concerned about protecting a trade secret, the secret recipe of your business. And you as the business owner, you care about that.

You care about the sensitivity of it and the security of that. But what you need to remember is, while you may care, your employees may not have the same investment. So it’s important like I referenced in the last episode, it’s important to document what sensitive information you’re trying to protect. I know I said electronic devices, but really it’s all sensitive data. Document what you’re trying to protect. Now that is valuable data and you don’t want people to get a hold of that, so that needs to be physically protected. But make sure it’s documented. Make sure that you know where it’s at, that you have policy and procedures in place that has a protection for each of those. Then you need to make sure that when that’s documented, you document who has access to it.

There is no worse feeling asking yourself, where did it go and who had access to it, who was the last person with it. It makes your job incredibly frustrating hard, and if there was sensitive data especially if it’s industry-specific and/or there was a compliance guideline behind it, you could be liable for that data that’s lost so documenting what you have, documenting who has access to it, is absolutely crucial for your business. The reality is, we want to hear from you. If you have questions you’d like answered, if you have concerns or things you’d like me to answer, please let us know.