FTC’s Top 10 Tips for Stronger Data Security Practices

Jim Elliott, assistant regional director for the Federal Trade Commission’s Southwest region, presenting at the Auto Finance Performance and Compliance Summit.

Establishing a reliable online presence is critical for businesses in today’s digitally savvy world, and for lenders, building trust in the online marketplace remains a challenging yet crucial component.

Data breaches do not necessarily show that a company failed to have reasonable security measures, as there is no such thing as “perfect security,” Jim Elliott, assistant regional director for the Federal Trade Commission’s Southwest region, said during a presentation at the Auto Finance Performance and Compliance Summit.

However, there are ways for businesses to improve. Elliott emphasized the overall theme of “start with security.” From controlling access and securely storing information to acquiring only the necessary personal information from customers, here are the top 10 tips for building stronger data security practices.

First, control access to data sensibly — even by limiting administrative access. “Restrict access to sensitive data by segregating networks,” Elliott suggested. “Not everyone needs to have access, and by blocking access you prevent intrusions that can compromise the entire system.”

This includes securing remote access to your business’s network. According to Elliott, more people are looking to work from home, which presents more challenges that can be combated by ensuring endpoint security as well as putting sensible access limits in place.

Additionally, store sensitive personal information securely and protect it during transmission and throughout its lifecycle by using industry-tested and accepted methods.

“There is no reason to reinvent the wheel, use what is standard in the industry, but keep abreast of what is going on in the industry because that standard is a moving target,” Elliott said.  

Further tips from Elliott include:

  • Don’t collect personal information you don’t need and only hold on to information as long as there is a legitimate business need.
  • Require secure passwords and authentication by insisting on complex and unique passwords, storing passwords securely, guarding against brute force attacks, and protecting against authentication bypass.
  • Segment your network and monitor who’s trying to get in and out.
  • Apply sound security practices when developing new products by training your engineers in secure coding, following platform guidelines for security, verifying that privacy and security features work, and testing for common vulnerabilities.
  • Make sure your service providers implement reasonable security measures and verify compliance.
  • Put procedures in place to keep your security current and address vulnerabilities that may arise, including updating and patching third-party software, “a process that should be constant,” Elliott noted.
  • Heed credible security warnings and move quickly to fix them.
  • Secure paper, physical media, and devices. This includes securely storing sensitive files, protecting devices that process personal information, keeping safety standards in place when data is en route, and disposing of sensitive data securely.

Check out more tips for bettering online security by visiting FTC.gov.
