2017-12-05 00:00:00 Running a Business English Learn file management strategies that can help your small business protect confidential business, client, and employee data. https://quickbooks.intuit.com/ca/resources/ca_qrc/uploads/2017/12/Man-views-file-management-application-for-confidential-files.jpg https://quickbooks.intuit.com/ca/resources/business/confidential-file-management-system/ How to Manage Confidential Files

How to Manage Confidential Files

2 min read

Many small businesses handle confidential information ranging from trade secrets and client data to signed contracts and personnel documents. As a manager or owner, it’s your responsibility to protect and secure this data.

Protected Information

Start your file security program by separating digital and hard copies into two categories: protected information, such as legal documentation and employee files, and information that’s available to all workers, such as proprietary blueprints or trade secrets. Store the protected files separately and restrict access to prevent your employees from seeing confidential data.

Hard Copies

Even if your company is going digital, physical file management is still an important concern. The Canada Revenue Agency requires you to keep business records for at least six years from the end of the taxation year, for example, and you must also manage employment applications, paper contracts, and legal forms. To keep documents safe, invest in sturdy file cabinets with secure locks. Audit your filing system on a regular basis to ensure nothing is missing, and destroy extra paper copies using a cross-cut shredder.

Digital Files

Digital security is a serious concern for small businesses. To protect your digital files, take these precautions:

  • Store your confidential files on a secure, in-house server
  • Restrict file access to necessary employees
  • Use strict password protocols and require your employees to change passwords every three months
  • Prevent employees from downloading files to USB drives and public cloud accounts
  • Use an encrypted virtual private network to transfer and access files when workers are out of the office
  • Ask employees to avoid emailing files
  • When emailing is necessary, use only encrypted office email accounts
  • Do not use public Wi-Fi networks to access confidential information

Computers and Mobile Devices

If your employees use home computers, laptops, smartphones, and tablets to access digital files, your confidential data might be at risk. It’s not uncommon for an employee to download a client file to a personal phone to review, but if the device is lost or hacked, it exposes sensitive information. The same goes for company email accounts.

For many companies, it’s unreasonable to restrict file, email, and text access to the office. One solution is to provide phones, tablets, or laptops to each employee for work use; that way, your IT staff can add security software, malware protection, and secure password protocols. If that doesn’t fit your budget, use secure systems to control remote data access: use a secure authentication system for the network, allow files to be viewed but not downloaded, and require workers to check email using a secure app.

Human Resources

When it comes to protecting employee data, your human resources department is the first line of defense. HR workers manage a huge amount of personal information, including social insurance numbers, performance reviews, financial records, and tax forms, so it’s important to take extra precautions.

Employee data protection starts with your database, so it’s a good idea to restrict access to your HR staff with individual logins. Avoid sending personal information by email, and when you must, check each message carefully to ensure that it’s going only to the person in question. Be sure to train your staff and management in these practices to ensure that they don’t accidentally share performance reviews or personal data by email. When scheduling disciplinary meetings online, don’t include the reason or the employee’s name in the title — if the meeting is automatically added to your calendar, that private information is visible to everyone else who has access.

Information may be abridged and therefore incomplete. This document/information does not constitute, and should not be considered a substitute for, legal or financial advice. Each financial situation is different, the advice provided is intended to be general. Please contact your financial or legal advisors for information specific to your situation.

Related Articles

What Is an NDA and When Does Your Small Business Need One?

You have a new product, a new invention, a new business idea.…

Read more

Is Your NDA Loophole-Free?

If you deal with vital intellectual property in your business, you know…

Read more

Protecting Your Business Idea While Marketing on Social Media

Every company has its trade secrets, including yours, but keeping confidential information…

Read more