Posted at 6:21 AM
Want something old and something new, all in one? Check out the FTC’s updated “Protecting Personal Information: A Guide for Business.” They’re the same principles that we’ve relied on for years, but with a new twist.
You’ll find the latest tips about technologies that have emerged since we last published the guide. And a fresh look to match the Start with Security business education campaign.
The updated version relies on the same bedrock principles: (1) Take Stock, (2) Scale Down, (3) Lock It, (4) Pitch It and (5) Plan Ahead. And the new twist? Here’s a glimpse of some of the updated advice:
- If your company is developing a mobile app, “Scale Down” by making sure the app accesses only data and functionality that it needs. And don’t collect and retain personal information unless it’s integral to your product or service.
- If you’re implementing the principle of “Lock It,” consider using multi-factor authentication, such as requiring the use of a password and a code sent by different methods.
- If you’re sending information over your wireless network, encrypt it so that nearby attackers can’t eavesdrop. Look for a wireless router that has Wi-Fi Protected Access 2 (WPA2) capability and devices that support WPA2.
Sometimes little things mean a lot too. Instead of referring to CDs, tapes and floppy disks (who uses those anymore?), we’re talking about thumb drives now. Instead of simply saying “Scale Down,” we’re using lingo like the “principle of least privilege” (that means each employee should have access only to those resources needed to do their particular job). And instead of Secure Sockets Layer (SSL) encryption, we’re talking about Transport Layer Security (TLS) encryption these days.
Want more advice on cybersecurity? Check out our Start with Security guide and videos at ftc.gov/startwithsecurity. And for more compliance resources, don’t forget about the Business Center’s Privacy and Security portal.
Cross-post from the Federal Trade Commission