Most small businesses handle a fair amount of personally identifiable information – files or documents with client and employee Social Security numbers, credit card information, names, addresses, and email addresses. These files are a goldmine for hackers, and if you don’t want to dangle extra data breach bait, you should create a system for carefully storing them.
To reduce your cyber liability exposure (a good plan even if you have Cyber Liability Insurance to address the financial fallout after a data breach), consider tossing these three types of files and documents. Bonus: doing so may also reduce some physical and digital clutter around the office.
Tax returns are obvious targets for hackers and identify thieves, but if you’re like many small-business owners, you may be tempted to hold on to every return since the dawn of time.
The exception: You may need to hold on to some of the information that accompanies your tax return. Beran notes, “Tax records that support cost of assets owned should be retained three years after the asset is disposed.”
Be careful when sorting through employment records. You can dispose of some of these records after several years, as Beran notes. Others need to be kept permanently.
For example, Beran states a business owner must retain IRS records for employee payments, employer tax deposits, and reports for at least four years. (That includes W-9s for contractors.) On the other hand, the Department of Labor allows for the disposal of employee pay rate, hours worked, and time cards after two years.
The exception: Because a number of agencies govern employment records, retention requirements vary. To reduce your liability, Beran recommends small-business owners “consult their tax advisor, accountant, and attorney to develop policies and procedures for proper records management.”
Your inbox is probably full of important data. For example, if clients have ever sent their credit card numbers along with their signed contracts or you’ve had a W-9 form emailed to you, you’re sitting on valuable data. What’s worse, you can be liable if that data is stolen.
The exception: You may need to transfer sensitive information from your inbox to a more secure location. This is especially true if your email contains business records such as insurance policies, leases, or contracts.
Though you may be tempted to delete everything, hang on to client correspondences about the status of a project. You might need these messages to support your defense if a client is unhappy with the project’s outcome and files a professional liability lawsuit later.
Get Insured Quick has a unique customer service experience, and a better vision of how to streamline the process to give the best customer service. Get Insured Quick has helped many business owners and individuals find the right insurance, save time and money, and avoid the stress normally associated with buying insurance.