Security is arguably the top concern for customers, and for good reason. In 2015 there were an estimated half a billion data breaches. A data breach can damage your reputation, decrease sales, and even cost you a ton of money in settling lawsuits.
To prevent any of those from happening, take the following steps to ensure that your small business won't experience a data breach.
Provide your employees with training.
Because of that, it's important that you properly train your employees in security basics and raise their awareness of common scams. One of the most effective ways to accomplish this is through social engineering.
"Social engineering involves manipulating workers to voluntarily give up information or access," says Terry Evans, president of Cybersecurity Biz in Rochester, NY, in The Hartford.
Social engineering works like this: Someone posing as a social engineer will contact someone in your office, claiming that they're 'testing the system' in order to trick that employee into handing over their password. According to Evans, the social engineer is relying on the fact that employees aren't aware of the value of the information that they possess, so they're lax in guarding it.
- Instructing employees never to click on unsolicited e-mail attachments, or links that are embedded in emails.
- Training employees to never share sensitive information with anyone without first verifying their identity.
- Refraining from using USB drives that are left out in the open. These devices are often left by hackers and once used, the company becomes infected with malicious software, which gives the hacker access to your system.
Another way to avoid employee error is by restricting their access to secure data, like customers' payment information or administrative access to things like bookkeeping software and social media accounts.
Limit the amount of personal data you have stored.
For starters, only collect the information that you need from your customers. For example, there's absolutely no need to gather email passwords along with email addresses when customers register for an account. Furthermore, never use real people's personal information where it isn't needed, such as in employee training sessions.
Also, limit the amount of time that you store your customers' information. Once a transaction is completed, there's no longer a need to hold onto the credit and debit card information that was used to complete the transaction.
Having too much personal information, and holding onto it, doesn't just add unnecessary risk, it could also land you in hot water with organizations like the FTC.
Encrypt your data.
Zaharia explains that, "Encryption is a process that transforms accessible data or information into an unintelligible code that cannot be read or understood by normal means." Thankfully, encryption tools are included on most operating systems. For Windows-based PCs it's BitLocker and on Macs it's FileVault.
There are also free encryption tools like VeraCrypt, 7-Zip, and AxCrypt.
Make sure your payment processing network is secure.
Create secure passwords and comprehensive authorization.
To make your life easier, there are a number of password managers, such as LastPass, Dashlane, and KeePassX, that will protect your online accounts without requiring you to memorize those lengthy and complicated passwords.
You should also consider two-factor authentication. This simply uses a password and another factor, like a PIN code sent to a mobile device or a fingerprint, whenever you or your team logs into an account.
Two-factor authentication is useful when you or your employees access data from more than one device, such as a laptop, tablet or smartphone, or when you're working remotely, since it requires a second level of authentication instead of just a password that can easily be discovered.
Monitor threats.
Don't forget the physical information.
How to recover from a data breach.
- Even after a breach has been squashed, there's still a possibility that your customers will have to deal with issues like identity theft, and you're going to receive a fair share of questions and complaints from your customers. Guide them through the post-breach process by being transparent, responding to their concerns, and offering them one year of identity theft prevention.
- Work with law enforcement and consumer protection agencies by providing them the information that they need.
- Launch a PR campaign to win back customers.
- Rethink and update your current security strategy and software.
How to Make Sure Your Small Business Doesn't Have a Data Breach was originally published on Due Small Business Blog by Chalmers Brown.