Companies need to manage who gets their hands on their data. Includes tips for controlling access to sensitive data in your business. ******************************************** Transcript: [MUSIC PLAYING] [MUSIC PLAYING] Protecting sensitive data is critical to the success of your business. The Start With Security video series and the resources at business.ftc.gov offer lots of valuable tips. Savvy companies control who can and can’t get their hands on their data. Not every employee needs access to everything, especially customer information. One social media company learned this the hard way when it was the subject of an FTC case. The company failed to restrict administrative rights, so nearly every employee could access user’s account. Hackers used employee credentials to reset user passwords and sent phony messages from several accounts, including the accounts of a major news organization and the president-elect of the United States. Information controls make a difference. Look at your own company. Who has administrative privileges? What data can they access, and what can they do with it? Tailor access based on job responsibilities, and restrict it to authorized parties only. In another case, the FTC cited a financial firm for failing to adequately restrict employee access to consumers’ personal information. Employees who didn’t need access to any of this data for their jobs transferred more than 7,000 files to third parties, and one employee sold surplus hard drives that contained information– about 34,000 customers. How can your company avoid disastrous and preventable scenarios? Assign access only on a need-to-know basis. For your network, consider limiting access to the places where personal data is stored and putting controls on who can use certain databases. Learn more ways to control access to sensitive data in your business, and build a culture of data security by visiting ftc.gov/startwithsecurity. [MUSIC FADING] ******************************************** Learn more about this subject on the FTC’s website: https://www.ftc.gov/tips-advice/business-center/guidance/start-security-guide-business Comment Moderation Policy: We welcome your comments and thoughts about the information on this page. If you do have something to say, please be courteous and respectful to other commenters. We won’t routinely review or edit any comments before they are posted, but we will delete any comments that: 1) contain spam or are off-topic 2) use vulgar language or offensive terms that target specific groups or contain personal attacks 3) are sales pitches, promotions, urls or links to commercial sites 4) spread clearly misleading or false information or 5) include personal information, like home addresses