More and more businesses these days are going digital—from small independent start-ups to large multi-national conglomerates. And it's easy to see why: online record keeping offers a wide range of benefits compared to the outdated paper filing system, including better organization, accessibility, and fewer resources required to maintain it.
But, as the recent Target data breach showed, there is also a big risk in keeping confidential customer records on computer databases, and those who don't have the necessary security measures in place to prevent a breach are almost asking to get hacked.
And if you think your business is too small to attract the attention of hackers, think again…
A 2012 Verizon data breach report found that of the 855 cyber attacks identified that year, over two-thirds (71%) were targeted at businesses with fewer than 100 employees. Furthermore, a majority of these small businesses were ill-prepared for a cyber attack that could have been prevented with some simple and inexpensive countermeasures.
So what steps can you take to further protect your customer data from cyber theft? The Better Business Bureau gives 6 recommendations in their Data Security Guide, starting with creating a written security policy.
To determine what type of security policy you need to have in place, first you will need to meet with key members of your team and discuss exactly what type of data you collect and store, as well as what security you currently have in place to protect this information.
Before you write down your security policy, you will also need to answer questions like:
Once you have answered these questions, you are ready to put your company security policy on paper.
Don't get lazy by using hack-friendly passwords such as the user's name, “12345,” “password,” “ABCDE,” or any other similar combination. Weak passwords like these are a hacker's dream, and once they are in use, there's little you can do to protect against a breach. Instead, use strong passwords that are unique and change them every 45-60 days.
Set up your programs and systems so that each employee only gets access to certain data based on what their job requires. Limiting the number of people who can access customer information and on what devices helps you retain control over where it goes.
All company devices should have updated anti-virus and spyware protection. Any employee who tries to access data from a mobile device should have firewall software as well. You should have at least a basic protection program—many of which are inexpensive or even free—but additional intrusion prevention is recommended for businesses that store sensitive electronic information, such as bank accounts and Social Security numbers. Full scans for viruses and spam should be run at least once a week.
You also need to have safeguards in place in case human error, device malfunctions, or a data breach prevents you from accessing data. Ideally, store backups in a secure location that is independent of your main operating system. Also, securely delete any data that you don't need, such as addresses for customers you don't send mail to and files you haven't used in years. Risk Manager applications are expressly designed for providing secure and efficient data collection processes.
Never transmit sensitive data via email unless it is encrypted. Encryption prevents unauthorized users from reading the message. For other web data sharing, use secure connections such as SSL technology.
Protecting your data from theft doesn't have to cost an arm and a leg—and when it comes down to it, these days you really can't afford NOT to. One mishandling or data breach can seriously damage a company's reputation or even drive it out of business altogether. By incorporating simple safety measures into your small business's technology platform, you can ensure your digital security and protect your customers.
Our IT consulting offices located in Atlanta and Washington, DC are staffed with experts dedicated to keeping your customer data secure. We invite you to browse around our blog and knowledge center to learn more, or contact us today to discuss your individual company's needs.