How Small Businesses Can Protect Customers’ Data and Their Own Profits
- Published: Monday, 29 March 2021 12:02
Keeping your customers’ information safe is more than a security concern. A data breach can mean lost productivity, embarrassment, reduced faith, expensive recovery, and it can even lead to a company’s failure. Here’s how to make sure your small business is following best practices so you can protect customer data, as well as your bottom line.
While data-related mishaps by big companies tend to catch the most media attention, USA Today notes that it’s small businesses that are targets of cyber crime. In fact, two thirds of cyber attacks are aimed at small businesses, and 60 percent of small businesses that fall victim are unable to recover, shutting down permanently within six months of an attack.
As cyber crime advances, more states are requiring businesses of various types and sizes to follow strict guidelines to protect customers’ information. As an example, the Health Insurance Portability and Accountability Act (HIPAA) requires companies to protect private health information. Or New York now requires financial institutions to comply with NYDFS Cybersecurity Regulation. In order to comply, businesses must evaluate their own weak spots and proactively address concerns. You can find out the requirements for various states by exploring data security laws in different areas. Even if you live in a state with softer guidelines, businesses must notify customers of a data breach based on the customers’ locations. In other words, if you have customers in Kentucky and your business is set in California, you must follow Kentucky’s notification rules for customers in that state should a data breach occur.
Putting up defenses
It doesn’t take long to realize it’s in your best interests to make every attempt to avoid data breaches. A data breach can come in many forms, so one place to start is to examine what you have that criminals would want to steal. Evaluate your practices for handling sensitive data like credit card information and bank account numbers. Note PCI compliance is required of all businesses that handle credit cards, so it’s important to assess related practices carefully.
Installing appropriate hardware and software is another key to avoiding trouble. Firewall protection is a crucial tool to have. Additionally, antivirus software protects your data from malware, ransomware, and the like. Keep your software up-to-date with the latest security patches as well, and if your company hasn’t moved to cloud storage, consider doing so. Not only does saving data in the cloud provide better security, there are other advantages, such as improved sharing, easy restoration, and reduced overhead.
Training your troops
It’s important to ensure your staff isn’t a weak link in your company’s defenses. Make sure your team knows to avoid opening suspicious emails from unfamiliar sources, and not to divulge sensitive information. Also, develop a solid password protocol. Train everyone to avoid using actual words, to make passwords reasonably complex, and to keep passwords strictly confidential. Your staff can use certain “tricks” for their passwords which help with memorization. For instance, they can use acronyms for memorable phrases, such as “TIMNPFW,” which could stand for “this is my new password for work.” If you elect to incorporate numbers, they can exchange “for” with a 4, and so forth.
If you want to take matters further, you could encourage your employees to further their education by taking online IT courses. The best part of this approach is that they can complete the courses in their free time, which shouldn’t interfere with their regular work schedules.
Make plans for trouble
No system is foolproof, so having a plan in place in the event a data breach occurs ensures the best possible chance of coming through on the other side with a healthy company. Develop a sound incident response plan, and train your staff how to proceed in the event of a breach. If you have an IT team, they will likely be integral to recovery. If your business doesn’t have IT staff, you’ll likely have to hire a data recovery professional to help minimize the damage. Another resource would be a digital forensics specialist, which can potentially trace where a breach occurred, help restore data, and gather evidence against the criminal.
Developing appropriate defenses is not only a smart solution, it’s a chance to ensure your company doesn’t become just another statistic. Follow best practices and ensure compliance on all levels of your organization. Protecting data is crucial to your small business’s success.