Security is arguably the top concern for customers, and for good reason. In 2015 there were an estimated half a billion data breaches. A data breach can damage your reputation, decrease sales, and even cost you a ton of money in settling lawsuits.
To prevent any of those from happening, take the following steps to ensure that your small business won't experience a data breach.
Provide your employees with training.
According to a report released by the
, employee error is the leading cause of data breaches, such as sending an email containing sensitive information to an unauthorized individual outside of the company.
Because of that, it's important that you properly train your employees in security basics and raise their awareness of common scams. One of the most effective ways to accomplish this is through social engineering.
"Social engineering involves manipulating workers to voluntarily give up information or access," says Terry Evans, president of Cybersecurity Biz in Rochester, NY, in The Hartford.
Social engineering works like this: Someone posing as a social engineer will contact someone in your office claiming that they're 'testing the system' in order to trick that employee into handing over their password. According to Evans, the social engineer is relying on the fact that employees aren't aware of the value of the information that they possess, so they're lax in guarding it.
Social engineering awareness training, in conjunction with written policies and procedures, can be achieved through:
- Instructing employees never to click on unsolicited e-mail attachments, or links that are embedded in emails.
- Training employees to never share sensitive information with anyone without first verifying their identity.
- Refraining from using USB drives that are left out in the open. These devices are often left by hackers and once used, the company becomes infected with malicious software, which gives the hacker access to your system.
"Failing to address the threat posed by social engineering is somewhat like buying a high tech security system and then leaving your front door unlocked," says Evans.
Another way to avoid employee error is by restricting their access to secure data, like customers' payment information or administrative access to things like bookkeeping software and social media accounts.
Limit the amount of personal data you have stored.
As the
recommends, you need to go lean and mean in your data collection, retention, and use policies.
For starters, only collect the information that you need from your customers. For example, there's absolutely no need to gather their email passwords when you collect their email addresses at account registration. Furthermore, never use their personal information when it isn't necessary, for example by using real people's personal information in employee training sessions.
Also, limit the amount of time that you store your customers' information. Once a transaction is completed, there's no longer a need to hold onto the credit and debit card information that was used to complete the transaction.
Having too much personal information, and holding onto it, doesn't just add unnecessary risk, it could also land you in hot water with organizations like the FTC.
Encrypt your data.
As Andra Zaharia explains in the
, "Encryption tools are very useful in keeping valuable information hidden from cyber criminals, because it renders the data inaccessible to prying eyes."
Zaharia explains that, "Encryption is a process that transforms accessible data or information into an unintelligible code that cannot be read or understood by normal means." Thankfully, encryption tools are included on most operating systems. For Windows-based PCs it's BitLocker and on Macs it's FileVault.
There are also free encryption tools like VeraCrypt, 7Zip, and AxCrypt.
Make sure your payment processing network is secure.
Before you start accepting payments online make sure that your network has an adequate firewall and updated virus protection. Also, make sure that the platform you're using is
.
Create secure passwords and comprehensive authorization.
I completely understand that creating and remembering complex passwords is annoying. However, it's essential if you want to prevent data breaches. When considering possible passwords, make sure that they're strong and contain at least 13 characters, including symbols, letters, and numbers. It's also suggested that you change your passwords frequently and lock users out after a certain number of incorrect password attempts.
To make your life easier, there are a number of password managers, such as LastPass, Dashlane, and KeePassX, that will protect your online accounts without you having to memorize those lengthy and complicated passwords.
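The password rules and lockout described above can be enforced in code. The sketch below is an added example, not part of the original article: the `Accounts` class, the lockout threshold of 5, and the PBKDF2 settings are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os
import string

MIN_LENGTH = 13     # minimum length given in the article
MAX_FAILURES = 5    # assumed; the article says only "a certain number"

def policy_failures(password):
    """Return the rules a password breaks (an empty list means acceptable)."""
    failures = []
    if len(password) < MIN_LENGTH:
        failures.append("shorter than 13 characters")
    if not any(c.isalpha() for c in password):
        failures.append("no letter")
    if not any(c.isdigit() for c in password):
        failures.append("no number")
    if not any(c in string.punctuation for c in password):
        failures.append("no symbol")
    return failures

class Accounts:
    """Hypothetical in-memory store: salted hashes plus a failure counter."""
    def __init__(self):
        self._users = {}  # name -> [salt, hash, consecutive failures]

    @staticmethod
    def _hash(password, salt):
        # Slow, salted hash so a stolen table is costly to brute-force.
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)

    def register(self, name, password):
        problems = policy_failures(password)
        if problems:
            raise ValueError("; ".join(problems))
        salt = os.urandom(16)
        self._users[name] = [salt, self._hash(password, salt), 0]

    def login(self, name, password):
        """Return 'ok', 'denied' or 'locked'."""
        user = self._users.get(name)
        if user is None:
            return "denied"
        if user[2] >= MAX_FAILURES:
            return "locked"  # stays locked until an administrator resets it
        if hmac.compare_digest(self._hash(password, user[0]), user[1]):
            user[2] = 0
            return "ok"
        user[2] += 1
        return "locked" if user[2] >= MAX_FAILURES else "denied"
```

Note that once the account is locked, even the correct password is refused, which is what stops an attacker from guessing indefinitely.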
You should also consider two-factor authentication. This simply uses a password and another factor, like a pin code sent to a mobile device or a fingerprint, whenever you or your team logs into an account.
Two-factor authentication is useful when you or your employees access data from more than one device, such as a laptop, tablet or smartphone, or when you're working remotely, since it requires a second level of authentication instead of just a password that can easily be discovered.
Monitor threats.
Why wait for a data breach to happen in the first place? With monitoring tools like
you have real-time threat detection that locates and disables any suspicious activity before databases are attacked.
Don't forget the physical information.
We get so focused on online and cloud-based data protection that we neglect physical property like paperwork, hard drives, laptops, flash drives, and disks. Make sure that these physical items are stored securely and not carelessly left out for anyone to grab, like in your garage or on the passenger seat of your car.
Just as you shouldn't store personal data that you no longer need, you should also securely dispose of information that you no longer need. For example, if you're a local pharmacy, then you would want to shred customers' outdated prescriptions.
How to recover from a data breach.
Despite taking the precautions listed above, you can't completely avoid a data breach. If one does happen, here are some of the steps that you should take following the breach:
- Even after a breach has been squashed, there's still a possibility that your customers will have to deal with issues like identity theft, and you're going to receive a fair share of questions and complaints from your customers. Guide them through the post-breach process by being transparent, responding to their concerns, and offering them one year of identity theft prevention.
- Work with law enforcement and consumer protection agencies by providing them the information that they need.
- Launch a PR campaign to win back customers.
- Rethink and update your current security strategy and software.