PROTECT YOUR BUSINESS DATA

Against breaches and fraud.

Your Banc of California business accounts are protected by technologies that help identify and prevent fraud and identity theft.

But the most important safeguards to protect sensitive information—such as Social Security numbers, credit cards and other account data that identifies customers or employees—are the ones you put in place.

These measures are more than good business. Federal, state and local laws may require that businesses in your industry provide reasonable security for sensitive information.

A SOUND DATA SECURITY PLAN IS BUILT ON THESE FIVE KEY PRINCIPLES:

Take Stock

Know what personal information you have in your files and on your computers.

  • Inventory all file storage and electronic equipment. Where does your company store sensitive data?
  • Talk with your employees and outside service providers to determine who sends personal information to your business and how it is sent.
  • Consider all the ways you collect personal information from customers and what kind of information you collect.
  • Review where you keep the information you collect and who has access to it.

Scale Down

Keep only what you need for your business.

  • Use Social Security numbers only for required and lawful purposes. Don’t use SSNs as employee identifiers or customer locators.
  • Keep customer credit card information only if you have a business need for it, and ensure stored information is in accordance with Payment Card Industry Data Security Standards (PCI-DSS).
  • Review the forms you use to gather data — like credit applications and fill-in-the-blank web screens for potential customers — and revise them to eliminate requests for information you don’t need.
  • Change the default settings on your software that reads customers’ credit cards. Don’t keep information you don’t need.
  • Truncate the account information on electronically printed credit and debit card receipts you give your customers. You may include no more than the last five digits of the card number, and you must delete the card’s expiration date.
  • Develop a written records retention policy, especially if you must keep information for business reasons or to comply with the law.

Lock It

Protect the information in your care.

  • Put documents and other materials containing personally identifiable information in a locked room or file cabinet.
  • Remind employees to put files away, log off their computers, and lock their file cabinets and office doors at the end of the day.
  • Implement appropriate access controls for your building.
  • Encrypt sensitive information if you must send it over public networks.
  • Regularly run up-to-date anti-virus and anti-spyware programs on individual computers.
  • Require employees to use strong passwords. Experts say long passwords with a combination of letters and numbers are safer. Do not use easily guessed passwords such as “password” or the company name.
  • Caution employees against transmitting personal information via e-mail.
  • Create security policies for laptops used both within your office and while traveling.
  • Use a firewall to protect your computers and your network.
  • Set “access controls” to allow only trusted employees with a legitimate business need to access the network.
  • Monitor incoming Internet traffic for signs of security breaches.
  • Check references and do background checks before hiring employees who will have access to sensitive data.
  • Create procedures to ensure workers who leave your organization no longer have access to sensitive information.
  • Educate employees about how to avoid phishing and phone pretexting scams.

Pitch It

Properly dispose of what you no longer need.

  • Create and implement information disposal practices.
  • Dispose of paper records by shredding, burning, or pulverizing them.
  • Defeat dumpster divers by encouraging your staff to separate the stuff that’s safe to trash from sensitive data that needs to be discarded with care.
  • Make shredders available throughout the workplace, including next to the photocopier.
  • Use wipe utility programs when disposing of old computers and portable storage devices.
  • Give business travelers and employees who work from home a list of procedures for disposing of sensitive documents, old computers, and portable devices.

Plan Ahead

Create a plan to respond to security incidents.

  • Create a plan to respond to security incidents, and designate a response team led by a senior staff person.
  • Draft contingency plans for how your business will respond to different kinds of security incidents. Some threats may come out of left field; others, such as a lost laptop or a hack attack, are unfortunate but foreseeable.
  • Investigate security incidents immediately.
  • Create a list of who to notify — inside or outside your organization — in the event of a security breach.
  • Immediately disconnect a compromised computer from the Internet.
