FTC tutorial on how to protect sensitive business information

The FTC has released a training tool designed to help businesses protect sensitive information, which might be stolen to commit identity theft or fraud.

After taking a look at it, I found it to be simple, straight forward and effective way for a business to evaluate how well they are protecting information.

From the FTC release on this new tool:

Protecting the personal information of customers, clients, and employees is good business. The Federal Trade Commission has a new online tutorial to alert businesses and other organizations to practical and low- or no-cost ways to keep data secure.

The tutorial, “Protecting Personal Information: A Guide for Business,” at www.ftc.gov/infosecurity, takes a plain-language, interactive approach to the security of sensitive information. Although the specifics depend on the type of company and the kind of information it keeps, the basic principles are the same: any business or office that keeps personal information needs to take stock, scale down, lock it, pitch it, and plan ahead. The tutorial explains each of these principles, and includes checklists of steps to take to improve data security.

The tutorial supplements brochures, slide presentations, and articles on information security already on the Web site and available from the FTC for free. The agency is encouraging businesses and other organizations to share this important information with employees who handle personal information such as Social Security numbers, credit card numbers, financial account numbers, and other sensitive personal information.

Interestingly enough, I just did a post on a new report released by the IT Compliance Policy Group. Their findings were the organizations that suffer the fewest incidents of information theft have a few things in common, which is they keep their programs simple, and pick out the most critical items with a focus on risk. The organizations with the fewest incidents of data theft inspect these critical items more frequently, also.

The FTC tutorial gives some great guidance on how to identify the most critical items that are risk focused in an organization.

Common sense often is the best way to approach ensuring competent security.

Materials can be ordered for presentation purposes by following the link listed in the press release.

FTC press release, here.

A video presentation of this infomation can be seen, here.