Abbey Marvenko EN 321- Section 808 Prof. Marie Nasta 10/6/2010 HW #3 Summarizing: pgs 428-429 Ex.

7b Protecting Personal Information Most companies keep sensitive and private information in their files that should not be released to the public. This information includes names, social security numbers, credit card numbers, or other account data. All of this information is necessary and used for different purposes however; it is important that it is protected properly. This can be done by implementing a data security plan that contains four elements which are physical security, electronic security, password management, and employee training. Since some stolen data is obtained physically, it is important for a business to have a locked door or an alert employee. To ensure that the company data does not get into the wrong hands in the first place, many precautions can be taken. First, important files should only be accessed by those who absolutely need it and should be locked away in a filing cabinet. Also, the amount of keys to these secure places should be handed out selectively and kept track of. Lastly, all employees should be told to call a certain number if they see someone acting strangely. Next, all employees should be aware of the companys electronic security and the vulnerabilities that the system has. All systems with sensitive information should be monitored and checked on frequently. When sending sensitive information to third parties over public networks, be sure that the information is encrypted. Also, all computers should be scanned on a regular basis to identify services that it has access to that are not needed. If this is the case, these programs should be deleted to prevent potential hacking. Password protection is another important element that is needed for proper data protection. All companies with sensitive information should tell their employees to use strong passwords, containing many characters, letters, and numbers. Employees should also be required to update their passwords frequently and be locked out of their account if they use an incorrect password after a few login attempts. Lastly, companies should warn their employees about hackers posing as IT staff employees and prank calling them for login information. Finally, none of these procedures can be implemented unless the employees of a company are trained properly. New employees should be trained thoroughly at their orientation and regular training sessions for current employees should also take place to ensure that everyone is on the same page. Lastly, employees should be asked to sign off on an agreement that states that they are aware of the companys security policies. It is very important that the staff understands the policies so that they can work together to follow them precisely.

Page 1 of 1