Starting with the FTC’s 10 Start with Security Principles, the blogs will “take a deeper dive into steps companies can take to safeguard sensitive data in their possession,” FTC Bureau of Consumer Protection Acting Director Thomas B. Pahl wrote in the first post.
“Another important source of our Stick with Security examples are the experiences of businesses from across the country,” Pahl explained. “We’ve listened to the day-to-day challenges you face in protecting sensitive information and have learned from the practical approaches you’re taking to address data security challenges.”
The second blog post reviewed how organizations can sensibly control data access.
First, entities should ensure that only individuals who need access to data actually have access to it. This could reasonable access control could include simply locking a file cabinet, or ensure that only certain personnel are able to access a database containing sensitive information.
“Not everyone on your staff needs unrestricted access to all confidential information you keep,” Pahl maintained. “The better practice is to put sensible controls in place to allow access to employees who need it to do their jobs, while keeping others out.”
Limiting administrative access will also be essential in data breach prevention, the blog post stated. For example, a company should not have the same login credentials for all employees.
“The login has administrative rights that enable designated IT staffers to make system-wide changes,” Pahl suggested. “But that same login is used by the company’s receptionist, a sales assistant, and a summer intern. The wiser approach is for the company to require different logins with only those privileges necessary for that employee to do his or her job.”