As part of my law practice, I work with small businesses on creating internal policies and procedures for employees and how they can access, utilize, and disclose data. You are responsible for protecting the data you have on your employees, your clients, and your customers. Not only is it an expectation, but it is legally required. So, you can imagine the overwhelming sense of dread someone might feel if they left their phone or other device in the back of an Uber - especially if that device was left unsecure. I had a recent technology scare. And while everything turned out fine and no data was breached, I felt it was important to reshare data protection tips.
In a previous blog, I mentioned that one of the most important assets your business has is your data. What information could someone finding your phone access? How many things in your phone are connected to your business? Is your personal, business, and/or client data now vulnerable or compromised? To add to the inconvenience, you’re now unable to access work-related apps and programs because of all the multi-factor authorizations that are all linked to your lost phone. And did I mention that Uber (and other ride share services) is not responsible for the items left in a vehicle after the trip ends?
How do I protect myself and my business?
Losing a phone is a nightmare – especially if you’re traveling aboard. However, there are things you can do to protect yourself and your data.
● Lock You Phone – If you don’t have a password or lock for your phone, create one now! You can create a lock for your phone with PIN, password, or fingerprint scanner. These options are more secure than a swipe pattern or facial recognition. Make sure your PIN isn’t simple like 1234 😊.
● Back up Your Data – Whether traveling locally or internationally, you need to securely manage passwords and back up data often. This data can be saved on a local drive at home (or the office) or the cloud. In the event you lose your phone, you’ll still have access to important messages and contacts.
● Turn on Tracking Apps – If you haven’t already, enable your Find My iPhone or other tracking app. If this feature is disabled or if your phone is in airplane mode, you won’t be able to track your phone.
● Wipe Phone Data – In the event that you are unable to get your phone back, make sure you have way to remotely wipe the data.
Another thing to consider might be a separate business phone. At the very least you want your devices to be password protected and/or the files, applications to require multi-factor authentication.
What can my employees do to protect business data?
Employees are also responsible for data protection. Businesses must decide in their technology use policies (1) which employees should have access to business info on phone; (2) whether employees who need access should be given a phone for business use only or use a personal device; (3) if using personal devices, how much control the business will have to access/wipe the phone if it is lost; and (4) define how and when employees should report a lost device. Businesses can also utilize software programs to manage data security including – antivirus, requiring PIN/password, requiring VPN (versus open Wi-Fi), and business access to wipe phone remotely.
What if I don’t recover my phone?
After a moment of panic, you should take a breath, and assess the situation. You’ll need to contact the police if you think the phone was stolen. Unfortunately, if the lost device was not secured, you may have to reach out to affected parties immediately regarding a potential data breach. Data protection rules and regulations change often and vary per state and country. Most states allow at least 30 days to notify parties of a potential data breach.
Create and Maintain a Data Protection Plan
Data protection is the law. Staying on top of this is important to your business’ integrity and it can be overwhelming. Contact Kliebert Law today. We want to help you identify risks and take action to protect your business.