Data security a big talking point at NAPBS Mid-Year Conference
- Kevin Rosenquist
We recently got back from the annual Mid-Year Legislative
and Regulatory Conference put on by the National Association of Professional Background
Screeners. It was another great year of valuable information, informative
speakers, and even a little fun. It was my first time in DC and I can’t stop
talking about how much I enjoyed that city. Some of you have already heard from
me about it and are probably sick of listening to me. But it really is great!
One of the things that was stressed strongly this year was data
security. So I thought I would put a few of the stronger points together to get
you all thinking about how you handle your own sensitive data, as it relates to
your background check procedures as well as other parts of your business. Some
are obvious, others perhaps not so much. But they are all great things to keep
1. Control access to data. The only people who
should have access to sensitive data are those that need it. Don’t give people
access to anything more than what they need to do their job.
2. Minimize admin access. This goes along with number
one but not everyone needs to be an administrator. Only give those who need it admin privileges. And
make sure that whoever does have admin privileges never accesses his or her
account unless they are on your secure network and always logs off when they
leave their computer.
3. Secure passwords and authentication. I know we’re
all tired of having to come up with ten different passwords that each have
upper case and lower case letters, a number, a special character, nonconsecutive
letters, fingerprints, retinal scans, and so on. But having a complex password
that is difficult to guess increases security by a lot. And changing them every
30 days is even better.
4. Have your IT department archive network traffic
and keep incident logs. It’s always good to monitor and keep incoming and
outgoing network traffic as well as log any error messages your network gives.
5. Be wary of public Wi-Fi networks. I know I’ve
asked a barista, bartender, or store employee for their Wi-Fi password more
than once. Our phones run a lot faster with them. One speaker at the conference
said he never connects to public networks period. But if you do be sure you are
not accessing sites or databases that contain your sensitive information.
6. Have a security policy. List out the role(s)
that should be given admin access and have a plan in place in case of a data
breach. You don’t want to be running around the office screaming if something
were to happen.
Little things can go a long way in protecting your data,
both your business data and personal data. Staying on top of your security
procedures can significantly lower your risk. Hope this helps some of you.