After more than 50 data security settlement agreements with various companies, the FTC (Federal Trade Commission) issued its Guide that recommending that companies “consider security from the start assess their options and make reasonable choices based on the nature of their business and the sensitivity of the information involved.”  The “Start with Security: A Guide for Business” was part of a day long program on November 5, 2015 in Austin and will be repeated in Seattle on February 9, 2016.  The 1st of the 10 practical lessons about Start with Security includes these 3 important pieces of advice:

Don’t collect personal information you don’t need.

Hold on to information only as long as you have a legitimate business need.

Don’t use personal information when it’s not necessary.

Here is the list of all 10 practical lessons in the Guide:

  1. Start with security.
  2. Control access to data sensibly.
  3. Require secure passwords and authentication.
  4. Store sensitive personal information securely and protect it during transmission.
  5. Segment your network and monitor who’s trying to get in and out.
  6. Secure remote access to your network.
  7. Apply sound security practices when developing new products.
  8. Make sure your service providers implement reasonable security measures.
  9. Put procedures in place to keep your security current and address vulnerabilities that may arise. S
  10. ecure paper, physical media, and devices.

Great advice for all businesses to follow from lessons learned the hard way.