Security: It’s All About Processes and Procedures


Whether your team works in-person or remotely, protecting your company’s data should be a top priority. However, when your employees are remote, it becomes even more important to have and enforce strict information and data management processes. This is especially critical if your employees have access to banking and vendor management systems, accounting records, and the personal information of your customers (social security numbers, driver’s license numbers, credit card or bank account numbers, etc.). These data pieces can give a would-be thief plenty of information to steal money or even someone’s identity. The last thing you want is for your business to be associated with a serious data breach. 

So, what can you do to proactively protect yourself, your company, and your customers? Oversight, oversight, oversight. The number one thing you can do to avoid a dangerous data situation is pay attention. Set up a system of checks and balances for every process that involves sensitive information, and then commit to frequent check-ins to be sure the systems are working.

Here are some tips:

  • Reconcile your books regularly. Daily reconciliation is best, but at minimum, this should be done weekly. Letting too much time pass without looking at your books is a big mistake that can have big (and costly) consequences.
  • Onboard and offboard. Every employee. Every time.
  • As you onboard a new employee, create an inventory checklist of the personal information they are privy to. Include any company software or systems they will use to perform their duties, and update the checklist as roles or responsibilities change.
  • Assign individual logins to company systems so you can track usage. Never allow shared logins.
  • Thoroughly train employees on the expectations, processes, and procedures for data security – this sets a tone of accountability from the start.
  • When offboarding an employee, cross-check that handy inventory list!
  • Be sure to terminate employee access to company software or systems.
  • Collect the employee’s company credit cards and cancel them with your financial institution.
  • Make sure the payroll department knows the employee has left the company, so paychecks don’t continue to be sent.
  • Avoid single-person loops wherever possible. For example, if the same employee is getting the mail, entering deposits, and going to the bank, there are not enough checks and balances in that loop to ensure the safety of the data involved.
  • Create procedures that put multiple eyes on any transaction or process that introduces risk to your company or customers’ information.
  • Design a process for approval of expenses that ensures no single person can approve high-dollar expenses on their own.
  • For employees who travel independently, create stringent processes for submitting travel expense receipts (and be sure to review them line by line!)

 

Other proactive steps you can take to protect your company’s data:

  • Don’t allow employee printing of documents with protected info
  • Provide read-only access to all account numbers
  • Use software systems with built-in security protections instead of leaning too hard on spreadsheets; a spreadsheet can easily be stolen
  • Utilize password protection software to add another layer of security to your systems
  • Grant access privileges by role; employees only need access to the information they need to do their job
  • If you have a vendor management system, don’t allow employees to create vendor profiles without an approval chain (a bad actor could create a fake vendor and funnel money to themselves)
  • Make sure your company follows PCI DSS (Payment Card Industry Data Security Standard) guidelines for safely accepting card payments

Finally, be aware of phishing scams and educate your employees on how to identify and avoid them. Some email scams can be very convincing, even to the most conscientious employee. Make sure your IT systems have strong security protections in place to prevent cyberattacks. Provide frequent communication to your teams on the latest scams to be on the lookout for.

While there is no magic bullet to ensure you’ll never have any kind of data breach, taking these common-sense steps makes a significant compromise of your company’s important information much less likely. Good standard processes and procedures, robust employee education, consistent oversight and accountability controls, regular reconciliation of your books, and IT systems with strong security features are all great steps to maintain the security of your company and customer data.