a. When data are in hard copy they should be placed in locked file cabinets.
b. Only certain personnel should have access to the room that contains all hard copy files to prevent open access to everyone.
c. Scans should be made of original hard copies and placed in a different locked room and/or if possible at another location to prevent total loss in case of disaster.
2. Flash drives
a. Ensure that your USB flash drive uses its full disk encryption feature to encrypt data as soon as it is stored on the device. This will not only restrict the use of the drive to computers that have compatible encryption software but also help avoid unauthorized access to data.
b. The data stored on a USB flash drive should be put through regular …
If leaving a machine unattended, log out or turn the machine off.
c. For machines with sensitive data, consider installing Disk Wipe technology that wipes the hard drive clean in the event of loss or theft.
d. If a laptop is lost or stolen, report it immediately. Time is of the essence to keep thieves from intruding on the company network.
4. Cloud storage
a. Do not store the only copy of a file in cloud storage.
b. Do not use cloud storage for the long-term retention of company documents or files, even when you work with non-sensitive information. Use alternatives such as SharePoint and shared network drives.
c. You must ensure that there is a suitable level of encryption on any mobile or portable device used to download any data about individuals from cloud storage. Such a device must be password protected.
5. Mobile devices
a. A screen lock (may be known by other names on different devices) must be implemented to require a password or code to be entered after being idle for 2 minutes or more.
b. Staff members must not use the default passwords provided by their phone or voicemail service, but must create a new one.
c. They will report any loss or theft of their phone or mobile device to management within 24