Growing a small business is no easy task and requires you to have your eye on every aspect of the operation. But are you keeping an eye on the methods by which you are protecting your customer data? If you aren’t sure, then it’s time to make it a priority. After all, a data breach can have devastating impacts on your business and your customers.
You may think data breaches only happen to large companies, but the truth is that they happen to businesses of all sizes. According to the Verizon Data Breach Investigation Report, small businesses face threats just like large businesses do. Out of the 23,896 security incidents analyzed, small businesses—those with up to 1,000 employees—experienced more security incidents than businesses with over 1,000 employees. Very small businesses—those with fewer than 10 employees—experienced 832 security incidents, which is more than 40% of all small business incidents. Why? Mainly because very small businesses do not have the cybersecurity resources that larger businesses do, and cybercriminals are aware of this.
What is a Data Breach?
A data breach is a security incident in which information is accessed or stolen by unauthorized individuals—either internally or externally. Data breaches can occur when personal data is exposed, either online or offline. They can also occur when an organization’s systems are compromised, allowing attackers to access sensitive data.
Data breaches can have a devastating impact on businesses. They can damage an organization’s reputation, lead to financial losses and cause customers to lose trust in the company. In some cases, data breaches can also result in legal action being taken against the organization.
Keeping Your Customer Data Safe
If you aren’t sure where to begin, here are 10 steps you can take today to protect customer data.
1. Know your data.
The first step is to make a list of all the types of customer data you collect or have on file. That means names, physical addresses, email addresses, phone numbers, and billing information. Then list out where you store this information — whether it’s electronically or in a physical filing system. Be thorough in this approach; you’ll want a full picture of everything you have access to and where it resides. Also, consider whether or not you actually need to be collecting each type of customer data and make sure you are only collecting data that is crucial to your business operations.
2. Restrict access.
Determine who in the organization should have access to this information; it shouldn’t be broadly available to employees. Whether you keep things in a file cabinet, on your computer or in an online tool, make sure as few people as possible have the keys, codes and passwords. And keep a careful inventory of who has access to what. That way, if someone leaves the company, you can quickly change codes and passwords to keep things protected.
3. Use password managers.
Password managers are a great way to keep track of your passwords and other sensitive information. By storing all of your passwords in one secure location, you can ensure that they are always available when you need them. In addition, password managers can help you generate strong passwords that are difficult to guess. They can also keep track of your login information for different sites and apps, so you don’t have to remember every password yourself. Finally, many password managers offer multi-factor authentication, which adds an extra layer of security to your account.
4. Take authenticated payments.
Magnetic-stripe cards are going to become obsolete as newer payment technologies emerge. According to a study by research firm Markets and Markets, payment processing solutions are expected to grow to $120 billion by 2025. EMV (chip cards) and NFC (contactless payments like Apple Pay) are more secure than the aforementioned traditional magnetic-stripe cards, where customers’ bank account information is static on the back of the card. EMV and NFC transactions are authenticated—meaning they encrypt customer account information as the payment is processed.
5. Make sure you’re PCI compliant.
To make sure business owners keep their customers’ data secure, credit card companies have come up with a series of regulations called the Payment Card Industry Data Security Standard, or PCI DSS.
PCI DSS aims to ensure businesses that accept, process, store or transmit credit card information maintain a secure environment so cardholder information does not fall into the wrong hands. To be considered compliant, your business needs to adhere to the set of security standards that all five major payment brands have set up through their organization.
6. Keep an eye out for phishing attempts.
Scammers are becoming increasingly sophisticated in their attempts to access your systems and information. A popular and effective method is phishing emails—emails that look legitimate but in fact are not. Leveraging spam filters and educating your employees on phishing tactics are solid first steps in protecting your customers’ data.
7. Keep all software up to date.
Hackers often exploit vulnerabilities in old software versions to gain access to systems. By keeping software up to date, organizations can close these security holes.
8. Back up your data regularly.
A backup is a copy of your digital information—your files. Files can be accidentally or maliciously deleted, destroyed, or corrupted in a fire, natural disaster, or ransomware attack. You need a copy of your files to restore them. Consider what files you need to back up, how frequently you need to perform backups, and where you will save your backups. Store your backups offline, so they can’t be encrypted by ransomware.
9. Use a security suite that includes anti-malware protection.
Anti-malware software protects your devices from malicious software, which can damage your system or steal your personal information. It can also help to prevent phishing attacks. In addition to anti-malware protection, your security suite should also include a firewall and anti-spam features. By using a comprehensive security solution, you can help to keep your data safe from the latest threats.
10. Have a plan in place for what to do in the event of a data breach.
Having a data breach plan will allow you to quickly contain the damage and minimize the impact on your business and your customers. In your data breach plan, consider actions like when to notify your employees and when to consult with your attorney about how to notify your customers.