We’ve all seen the headlines:

The Fellowes’ Workplace Data Security Report found that 81 percent of full-time business employees have access to paper documents containing sensitive workplace information, yet only 62 percent cite their company as having a data security policy on which employees are trained. Some of those untrained employees may be leaving their companies vulnerable to a security breach, as the survey also reports that nearly a quarter of employees leave sensitive paper documents on top of their desks.

According to the study, full-time office employees may unwittingly contribute to a digital or paper-based security breach by practicing risky behaviors:

• Approximately one in four (26 percent) leave their computers unlocked when away from their desk

• Fifteen percent throw paper documents containing sensitive information in the trash

• Only 60 percent maintain a secure firewall

• Less than half of respondents (44 percent) ensure their mail is safe by sending it through a secure mailbox

“Whether electronic or in paper form, confidential information in the workplace is a hot item for theft, and the methods employed by criminals to obtain this information are constantly evolving,” says John Sileo, an identity theft expert. “With smart prevention measures, you can help your company avoid a costly breach that can lead to personal consequences – like identity theft.”

Having learned a great deal from suffering a security breach within his own business, Sileo is now an award-winning author and international speaker on the topic. He travels the country educating businesses about ways to prevent the crime.

“Data protection can be simple as long as the proper procedures are in place and widely practiced,” continues Sileo. He offers five key pieces of advice when speaking with business employees:

• Lock your office when you leave for the day to prevent anyone accessing it after hours.

• Ensure your computer is locked with a secure password containing a unique combination of letters and numbers.

• Ask your IT department to check that your firewall is secure and up to date.

• Don’t leave paper documents on your desk or in common printing areas and store important documents in a locked filing cabinet.

• Shred unneeded documents with a Cross-Cut shredder, like Fellowes’ 79Ci.

According to Sileo, a shredder with Cross-Cut technology is vital to ensuring documents are properly destroyed. The 79Ci from Fellowes also offers 100 percent Jam Proof technology to help make shredding jobs easy and productive.

What do online privacy policies accomplish? Why do you need one? Sometimes, it’s required, such as the statutes that govern email SPAM.  Others are optional. In general, your online privacy policy is your company’s pledge to your customers about how you will use, not use, and protect the consumer data you collect from them.  Check out SBA.gov’s own privacy policy as an example.

A privacy policy is not just lip service to your customers. You’ll need to make sure your business follows the policy by implementing reasonable security measures to protect your customers’ data.  Failure to follow your business’s privacy policy can result in costly legal fees.

The thing about online privacy policies is that they differ from business to business and must be tailored to fit each business’ needs. However, there are some general guidelines and laws to be aware of as you craft your policy.

Explain How You Collect and Use Personal Information
While not required by law (although the Federal Trade Commission prohibits any deceptive practices), creating a privacy policy is important if you want people to buy your products. This is particularly important if you are involved in e-commerce or if you collect information in surveys or marketing forms. Every customer has a right to know how you collect and use their information.

Online privacy policy generators (just run a search on that term and you’ll find them) can help you craft a policy. As you craft yours, be sure to clearly explain the following:

Your Cookie Policy – Cookies are used to store user preferences or shopping cart contents. Clearly explain your cookie practice.

How You Share Customer Information – Customers need to know that their data will only be used to complete the transaction and that any further use of that data (including selling or distributing it) requires their consent.

Contact Information – Make it easy for your customers to contact you or file a complaint.

Display Your Privacy Policy – Make sure new customers or users have easy access to your policy by prominently displaying links to it (from your home page, product pages, and in the shopping cart). Remember, you want them to feel comfortable that you take their online security seriously.

Publish Your Email Opt-Out Policies – Include opt-out options in your email marketing (the CAN-SPAM Act requires it) and on your website so that your customers have the option of changing or canceling their email notices. Read more about opt-out and CAN-SPAM laws in SBA’s guide to Online Advertising Law.

Collecting Data from Children – If your website targets children under the age of 13, you’ll need to comply with the Children’s Online Privacy Protection Act (COPPA).

Adhere to Your Policy – Adherence to your policy is important from the standpoint of both customer credibility and the law: the Federal Trade Commission will investigate complaints of unfair or deceptive practices. A case in point: its recent investigation of Facebook privacy practices. As new technologies emerge, such as mobile apps, online communities, and social media, be sure to update your privacy policy to align with any changes to the way you capture and protect consumer information.

Get a Seal of Approval – Third party validation of your online privacy and security policy can enhance your credibility.  For a fee, these companies can help you create your privacy policy, or review your existing one, and conduct an annual audit to test your compliance.

Talk to an Expert – The Federal Trade Commission is constantly reviewing privacy issues. Areas such as cloud computing, mobile applications, social media, and other online services are increasingly coming under the spotlight. If you do most of your business online, talk to a lawyer who specializes in Internet or online law to determine whether your policies are adequate.

Helpful Resource:
Free Privacy Statement Help & Generator

Digital storage devices such as hard drives from Western Digital (WD) are one solution that provides great value and reliability. In a recent survey, nearly 55 percent of consumers said they do not back up or protect the digital content on their computer because either they don’t know how or think it’s too difficult. What makes this statistic more interesting is that nearly 60 percent of the same survey participants said they would miss their computers and its contents most if lost or stolen.

Today, the process of backing up important data on your computer is a simple plug-and-play process, so why take the risk?

There are a variety of inexpensive, reliable and easy-to-use solutions that are available to suit your lifestyle. For active and mobile consumers, the My Passport portable drives by WD are an ideal solution, small enough to fit in your pocket but large enough to store and protect thousands of photos, dozens of movies and your entire music library.

My Book external hard drives offer larger capacities (up to 3 terabytes), sit on your desk and copy all your files for protection against computer crashes and general failures.

For the network-connected home, the My Book Live personal cloud device plugs directly into your wireless router and allows content stored on all computers in the home to be backed up on the single drive. And, because it is attached to your router, you can access all the content from your laptop, iPad, iPhone or other mobile device from anywhere in the world using WD’s WD 2go mobile application for iOS, Android and laptops.

People insure cars, homes and lives. Using a digital storage device, such as those made by WD, can be a smart way to protect all your precious digital assets as well.

On Thursday, January 26, they will be sponsoring a Data Privacy Day event, “The Intersection of Privacy and Security,” featuring the Honorable Julie Brill, Commissioner of the Federal Trade Commission.

Although it falls on a Saturday this year, the National Cyber Security Alliance will be celebrating with events throughout January and into February. There will also be a live-streamed Facebook event, accessible here, and live panel discussions on Thursday, January 26th from 9:30 to 11:30 am EST at http://on.fb.me/dctalkslive.

A successful business is a trusted brand that protects customer and employee data, privacy and security. Businesses small and large have opportunities to improve privacy awareness and promote best practices among employees, management, clients, customers, subscribers, partners, and other audiences. Consider doing the following in honor of Data Privacy Day:

• Become an official sponsor, partner or champion of Data Privacy Day.
• Sponsor or host a Data Privacy Day event in your area.
• Ensure that your company has a designated employee in charge of privacy and that you are complying with all applicable privacy laws.
• Develop internet privacy policies for your business. The Federal Trade Commission’s Bureau of Consumer Protection Business Center is a great resource http://business.ftc.gov/privacy.and.security. If you already have policies in place, review and update them to ensure they address current threats and best practices.
• Conduct employee training on privacy as it relates to employment, helping employees learn how to protect the privacy of clients’ and customers’ personal information and teaching employees how to manage their own privacy at work.
• Host a series of educational events or a brown bag lunch for your employees designed to increase
• awareness about data privacy in an area of interest to your employees including: mobile privacy; social networking; identity fraud and theft; online tracking; health privacy; online reputation management. Use materials, posters and videos available at http://www.staysafeonline.org/dpd.
• Create a plan in the event the privacy of customer data is compromised by a data breach. Check out the Debix Data Breach Incident Response Workbook for ideas (http://www.debix.com/workbook/index.php).
• Communicate with your clients, membership, or workforce about privacy awareness in the month of
• January in honor of Data Privacy Day using company newsletters, intranets, networks, and other internal communications. Blog about privacy throughout the month of January. Use social networks such as Facebook and Twitter to disseminate information and encourage customers and employees to learn more about privacy. Feel free to use content found at http://www.staysafeonline.org/dpd.
• Become a fan of Data Privacy: NCSA on Facebook (https://www.facebook.com/DataPrivacyNCSA) and
• follow Data Privacy Day on Twitter (@DataPrivacyDay).
• Encourage the privacy and security professionals in your workplace to visit local schools to talk with teens about privacy and share the STOP. THINK. CONNECT. message.
• Create and disseminate engaging educational materials for your customers, for consumers, for employees or for businesses.
• Conduct a study to advance understanding of privacy practices and share the results in honor of Data Privacy Day.
• Hold a shredding event to raise awareness about data privacy.

For more information, as well as tip sheets and other promotional materials, visit http://www.staysafeonline.org/.

Helpful Tip Sheets:

Privacy Tips for Social Networking

Mobile Privacy Tips

The Trend
Increasingly, workers today are bringing their personal devices to the company IT department to enable access to e-mail and other productivity apps on them.

According to a recent Forrester report, three-quarters of U.S. workers pick the smartphone they want rather than accept IT’s choice. What’s more, another recent survey discovered increasing numbers of enterprises across all industries are supporting a bring-your-own-device (BYOD) model, and in more than half of those instances, employees shoulder the cost of their device and service plan.

The Problem
So now employees can use their favorite devices for work but companies must support more platforms and deliver business apps including e-mail, chat and portals on iPads, iPhones, Android and Windows phones. That means that data and apps will be used from any location over any network—which can endanger sensitive company information, potentially getting workers or their employers into trouble.

To keep confidential data stored on personal mobile devices from falling into the wrong hands, many IT departments turn to third-party solutions to better secure, monitor, manage and support the variety of mobile devices used by employees. Using one of these solutions, IT organizations can implement security controls such as passwords and remote wipe and lock, which lets IT erase corporate data from a mobile device in the event it’s lost or stolen.

The challenge is that most employees don’t want to enter a complex password every time they need to make a phone call, send a text message or update their Facebook status. Plus, when employees use their personal phones for work, a remote wipe could erase personal apps and data in addition to corporate data and applications.

A Solution
Fortunately, companies such as Good Technology take a different approach to these BYOD security challenges and keep the best interests of employees and the company in mind. Good helps companies separate and secure corporate data while leaving employees’ private information untouched.

For example, rather than remotely wiping the entire device, IT can wipe only corporate data, leaving personal data and applications intact. This lets employees use their personal mobile devices at work without having to worry about compromising company information.

Keeping Information Secure
Don’t use cloud programs on your mobile device to share corporate files and data.

Beware of e-mail fraud.
Don’t send e-mail to anyone you don’t know or respond to e-mails from unknown sources without first verifying that they are legitimate.

Secure your device’s settings and have it automatically lock after five minutes.

Don’t forward e-mails from your corporate address to private e-mail accounts, especially e-mails with attachments.

Don’t use check-in apps everywhere.
Turn location setting off when not using apps that require it.

Be careful of beta programs/apps—they can be dangerous, as in many cases the developers haven’t sorted out security yet.

Further Information
To learn more, visit http://www.good.com.

Nearly one in five Americans report that they have been the victim of a phishing scam, according to the results of a survey conducted by Experian, the leading global services information company. Alarmingly, of those respondents who wouldn’t or didn’t report having been a victim of phishing, nearly two-thirds reported that it was because they didn’t know how.

While taking proactive measures can help minimize your chances of being the unwilling participant in fraudulent activity, it’s equally as important to know how to react in the event that you do find yourself the victim of a phishing scam. Rod Griffin, director of public education at Experian, offers some dos and don’ts for the critical next steps you should take if you have been phished.

Things to Do:
Notify law enforcement. The war against phishers cannot be won in isolation. It is important that you notify your local police department or other appropriate law enforcement agency of any instances of confirmed theft of your personal information as this may help prevent similar activity from happening to you or others in the future.

File an online report with the Federal Trade Commission. You can log on to www.consumer.gov/idtheft for step-by-step instructions on how to file a report.

Contact sources that report fraudulent information. It’s important to contact your bank or credit card companies that handle accounts that may have been compromised. Contacting a credit reporting company is also important. You can request that the credit reporting company add a fraud alert to your credit report and notify the other national credit reporting companies so they can do the same. As a potential fraud victim, you can request a free copy of your credit report and review it for any fraudulent information.

Contact the company that appeared to request the information fraudulently. If you suspect that you’ve received a fraudulent email or been contacted via instant messaging, directly contacting the company in question will allow you to either verify the request or notify the organization of phishing activity.

Things to Avoid:
Delay reporting. Immediate action is essential to mitigate the potentially negative consequences that can result from fraudulent activity.

Take a narrow course of action. Partnership is the key to minimize the consequences of any form of identity theft; be sure to communicate appropriately with national credit reporting companies, credit grantors, data providers, law enforcement and government agencies.

Be embarrassed. Every year, a staggering number of people are victims of phishing activity. It’s much more humbling to have to deal with the long-term consequences of identity theft than to come forward and seek assistance.

Reinvent the wheel. While it may be helpful to take additional precautionary measures in the future (e.g., subscribing to an identity theft monitoring service, such as that available at http://www.protectmyid.com), it may not be necessary to replace your electronic devices (i.e., computer or smartphone) or reapply for personal documentation (i.e., Social Security number) but you should ensure that you have up to date anti-virus and desktop firewall protections.

Many small-business owners already know this; in fact, in a recent survey by Carbonite Inc., a provider of online backup solutions, 81 percent of small-business owners said they consider data their company’s most valuable asset.

Yet the same survey found that more than half (57 percent) have no plan in place if something disastrous happens to their data. And nearly half (48 percent) of small businesses with two to 20 employees have already experienced data loss, according to a separate Carbonite survey. A third of those never recover their lost data.

“The Federal Emergency Management Agency has said that 40 to 60 percent of small businesses never re-open after a data disaster,” says Peter Lamson, a small business expert for Carbonite. “Small businesses that plan ahead and take key steps such as protecting their valuable business data will be in a much better position to get their businesses back up and running when disaster strikes.”

So how can you protect your company from some of the most common causes of data loss?

“The single most important thing small businesses can do to protect their data is to back it up every day,” Lamson says. “We know from our research, however, that while some small businesses perform daily backups, many don’t. And of those that do, many are using antiquated methods or are only partially backing up primarily due to the time or costs associated with business backup.”

Most small businesses that back up their data rely on physical devices, like external hard drives, USB/flash memory sticks or CDs/DVDs. Physical devices require business owners to keep track of them, manage the backup process, and assign an employee to this task. Furthermore, backup copies are often stored on-site and exposed to the same risks as the original data.

Many small businesses are turning to online backup services to safeguard their data and streamline the backup process. Services such as Carbonite Business provide online backup that meets the ease-of-use and budget needs of small businesses. Not only does online backup add a layer of security by storing valuable data off-site, it also allows for automatic and real time backup. If a business’ computers are connected to the Internet, then its data is backed up automatically.

Here are some common causes of data loss and how you can help protect your company from them, in addition to backing up:

Cause: Hardware/software failure (54 percent)

Protection: Do regular maintenance tasks for hardware and software. Most operating systems now come with built-in disk clean up and diagnostic functions. Run them regularly to help keep your software in good shape. Keep an eye on hardware too, with simple steps such as checking power cords periodically to ensure they’re OK.

Cause: Accidental deletion (54 percent)

Protection: Accidents happen and sometimes data that you mean to preserve gets lost or deleted. This is when having an instantly accessible backup is vital. Ready access is another advantage of online backup. Rather than having to go track down an external hard drive or call your IT person, online backup allows you to access your preserved data in real time, so that you can be back up and running quickly.

Cause: Computer viruses (33 percent)

Protection: Software to protect your PCs and system from viruses and malware is essential. Keep your virus protection software up to date to help ensure you maximize your ability to block viruses. Make sure employees know never to attempt turning the software off, and direct them to avoid opening email attachments unless they are confident of the source of the email.

Cause: Theft (10 percent)

Protection: Thieves don’t only target big companies. In fact, small businesses can be particularly appealing targets for data thieves since they often have fewer safeguards in place than do larger companies. In addition to a firewall and secure Internet connection, your prevention measures should include steps to keep thieves from stealing hardware such as flash drives, external drives, data tapes and even the PCs themselves.