GNYADA 2019 Membership Directory & Services Guide

• Using password-activated screen savers to lock employee computers after a short period of inactivity.
• Developing policies for appropriate use and protection of laptops, PDAs, cell phones, or other mobile devices. For example, make sure employees store these devices in a secure place when not in use. Also, consider that customer information in encrypted files will be better protected in case of theft of such a device. Encrypt customer information wherever it is located.

The FTC has found that failing to have a defensible password security policy, or permitting “weak” administrative passwords such as common words with no capitalization, numbers, or symbols (e.g., “password” or “12345”), can constitute inadequate data security. The FTC also faulted a leading social networking provider for storing and sending passwords in plain text emails.

The FTC has also focused on employee training as a key element of an Information Security Program. Dealers should train employees to take basic steps to maintain the security, confidentiality, and integrity of customer information. Some protections may include:
• Locking rooms and file cabinets where records are kept;
• Using complex passwords and not sharing or openly posting employee passwords in work areas;
• Encrypting sensitive customer information when it is transmitted electronically via public networks;
• Not clicking on email links or attachments from unknown sources (phishing);
• Referring calls or other requests for customer information to designated individuals who have been trained in how your company safeguards personal data; and
• Reporting suspicious attempts to obtain customer information to designated personnel.

In addition to training employees, ensure that there is proper oversight and supervision, including:
• Developing policies for mobile devices and employees who use personal devices to make certain that those devices are secured. One way to do this is by using Mobile Device Management Software (MDMS), which creates a secure channel for communications to and from your network and can be used to monitor and track usage as well.
• Developing policies for employees who telecommute. For example, consider whether or how employees should be allowed to keep or access customer data at home. Also, require employees who use personal computers to store or access customer data to use protections against viruses, spyware, and other unauthorized intrusions.
• Imposing disciplinary measures for security policy violations, including termination of employment.
• Preventing terminated employees from accessing customer information by immediately deactivating their passwords and user names and taking other appropriate measures.

Information Systems

Information systems include network and software design, and information processing, storage, transmission, retrieval, and disposal. Replace systems such as Windows XP or earlier versions that are no longer supported, and make sure your antivirus, anti-malware, firewall, and other security software is up to date at all times. Here are some suggestions on maintaining security throughout the life cycle of customer information, from data entry to data disposal.

2019 membership directory & services guide / hot topics

PG 133
