These "security lessons learned" are gleaned from Federal Trade Commission (FTC) cases and may help improve your company's security practices:
- Don't collect personal data you don't need, and keep that information only as long as you have a business need for it.
- Restrict access to sensitive data and limit administrative access.
- Require complex and unique passwords and protect against authentication bypass.
- Store sensitive personal information with industry-tested methods, and protect it during transmission.
- Segment your network, and monitor who's trying to get in and out.
Get more security tips by visiting Start with Security: A Guide for Business on the FTC website.