1) Design a business process for your products and services. Even if the process seems commonplace, you shouldn’t assume everyone thinks like you do, especially in today’s diverse population. Your values and your common sense may not seem so common to everyone else. Think about what makes the most sense to protect your customers’ data – not only on your computers, but offline as well.
2) Write down the process, which then becomes your ‘employee procedures.’ These new procedures should be published and shared with your staff. Keep them consistent across the board and all departments so there is no confusion. Make sure they are in line with your core values as well.
3) Assign a person to be responsible for the new employee procedures. Policies and procedures on a piece of paper mean nothing until they are carried out. The person you put in charge (maybe it’s you) needs to make sure every employee understands the procedures the way you envision them, and needs to quality-control the business process.
4) Test and audit the process. Even with a point person in charge to keep the staff accountable, sometimes there are breaks in the system. That’s just life. Test your process and procedures, announced or unannounced (even better!). When you plan a test, it’s easier to pay attention to where the breaks are, at what point in the process, and make the appropriate fixes.
5) Prepare an emergency protocol. Even if you think you have the perfect procedures and process in place, accidents happen, and hackers are getting smarter. What would you do if your client data gets breached? Have an emergency plan in place and a protocol for notifying your customers. Be honest and transparent about the issues, and have a plan to go forward.