
Industrial Communications, Inc.

and Subsidiary, Basin Comm. Systems, Inc.

Policy and Guide for Protecting Personal Information
Keeping information secure
Are you taking steps to protect personal information? Safeguarding sensitive data in your files and
on your computers is just plain good business. After all, if that information falls into the wrong
hands, it can lead to fraud or identity theft. A sound data security plan is built on five key principles:

Take stock. Know what personal information you have in your files and on your
computers.

Scale down. Keep only what you need for your business.

Lock it. Protect the information in your care.


Pitch it. Properly dispose of what you no longer need.

Plan ahead. Create a plan to respond to security incidents.

Effective data security starts with assessing what information you have and
identifying who has access to it. You can determine the best ways to secure
the information when you understand how personal information moves into,
through, and out of our office and who has, or could have, access to it.
Inventory all computers, laptops, flash drives, disks and file cabinets to find
out where sensitive data is stored.

Take stock
Who sends sensitive personal information to you?
1. Customers
2. Credit card companies, banks or other financial institutions
3. Credit bureaus
4. Other businesses
How is it received?
1. Website
2. Email
3. Mail
4. Phone

What kind of information is collected at each entry point?
1. Credit card information
2. Driver's license number
3. Social Security number
4. Other banking information
Where is this information kept?
1. Computer database
2. On individual laptops
3. On disks or tapes
4. In file cabinets

Scale down
If you don't have a legitimate business need for sensitive personally identifying
information, don't keep it. In fact, don't even collect it. If you have a legitimate
business need for the information, keep it only as long as it's necessary.

Use Social Security numbers only for required and lawful purposes
like reporting employee taxes. Don't use Social Security numbers
unnecessarily, for example as an employee or customer identification
number.

The law requires that only the last 4 digits be printed on credit and debit
card receipts.

Don't keep customer credit card information. Keeping this information, or
keeping it longer than necessary, raises the risk that the information could be
used to commit fraud or identity theft.

Lock it
What's the best way to protect the sensitive personally identifying information
you need to keep? It depends on the kind of information and how it's stored.
The most effective data security plans deal with three key elements: physical
security, electronic security and employee training.
Physical Security

Many data compromises happen the old-fashioned way: through lost or stolen
paper documents. Often, the best defense is a locked door or an alert
employee.

Store paper documents or files, as well as CDs, floppy disks, zip drives,
tapes, and backups containing personally identifiable information in a
locked room or in a locked file cabinet. Limit access to employees with a
legitimate business need. Control who has a key, and the number of keys.

Remember not to leave sensitive papers out on your desk when you are
away from your workstation. Put files away, log off your computer, and
lock your file cabinet.
Electronic Security

Don't store sensitive consumer data on any computer with an Internet
connection unless it's essential for conducting your business.

Regularly run up-to-date anti-virus and anti-spyware programs on
individual computers and on servers on your network.

Control access to sensitive information by using strong passwords. Tech
security experts say the longer the password the better. Simple passwords,
like common dictionary words, can be guessed easily. Choose passwords with
a mix of letters, numbers, and characters. User names and passwords should
be different, and be changed frequently.

Don't ever share your passwords or post them near your workstations when
sensitive information is involved.

Watch out for possible calls from identity thieves attempting to deceive you
into giving out your passwords by impersonating members of our IT staff.
Calls like that are always fraudulent. No one should be asking you to reveal
your passwords.

When installing new software, immediately change vendor-supplied default
passwords to a more secure, strong password.

Use caution when transmitting sensitive personally identifying data (Social
Security numbers, passwords, account information) via email.

Laptops are restricted to those employees who need them to perform their
jobs.

Assess whether sensitive information really needs to be stored on a laptop. If
not, delete it with a wiping program that overwrites data on the laptop.

Laptops should be stored in a secure place and, if sensitive information is
involved, secured to employees' desks.
