2017 GNYADA Membership Directory

HOT TOPICS

computers to store or access customer data to use protections against viruses, spyware, and other unauthorized intrusions.
• Imposing disciplinary measures for security policy violations including termination of employment.
• Preventing terminated employees from accessing customer information by immediately deactivating their passwords and user names and taking other appropriate measures.

Information Systems

Information systems include network and software design, and information processing, storage, transmission, retrieval, and disposal. Replace systems such as Windows versions XP or earlier that are no longer supported and make sure your antivirus, anti-malware, firewall, and other security software is up to date at all times. Here are some suggestions on maintaining security throughout the life cycle of customer information, from data entry to data disposal:

Know where sensitive customer information is stored and store it securely. Know its life cycle throughout your organization. Make sure only authorized employees have access. For example:

• Ensure that storage areas are protected against destruction or damage from physical hazards, like fire or floods.
• Store physical records in a room or cabinet that is locked when unattended.
• When customer information is stored on a server or other computer, ensure that the computer is accessible only with a “strong” password and is kept in a physically-secure area.
• Place customer information on a separate secure server or in a secure cloud-based server. Limit permissions and require additional access requirements (two-factor authentication) such as a randomly-generated token number and additional password to be able to access the server.
• Where possible, avoid storing sensitive customer data on a computer with an Internet connection. It is a good practice to provide “read only” access to customer information and disable the ability to download customer information onto third-party devices (USBs, external hard drives, etc.).
• Maintain secure backup records and keep archived data secure by storing it off-line and in a physically-secure area.
• Maintain a careful inventory of your company’s computers, servers, and any other equipment on which customer information may be stored.
• Monitor employees accessing customer information in both paper and electronic format. You should review the monitoring regularly to detect any unusual spikes in activity and quickly find out the reason.
• Get a static IP address from your Internet Service Provider. This will keep your IP address from changing and enable sites like Dealertrack to only accept requests for customer information from your trusted IP address. This can be a major protection in the event employees’ user names and passwords are compromised.
• Use a cloud-based proxy server or a software-based proxy server to prevent users from going to sites that are associated with viruses, malware, or that are otherwise insecure.
