Protecting customer data has to be among the top priorities of a small business owner. Hackers and thieves have been known to deliberately target smaller firms because they know security measures there tend to be less robust and less consistently implemented than those at larger corporations. Here’s what you need to do to protect yourself:
Minimize the amount of data you store and who has access to it
Be mindful about the type and amount of customer data you accept and store. The less you store, the smaller your risk exposure. For this reason, the majority of business owners don’t store credit card information, choosing instead to pass that data along to card processors who have more robust security systems. However, more general data, including customers’ home addresses, birthdays, and purchasing history still have value and must be protected. Restrict access to this data to those employees who have a legitimate reason for it, and routinely monitor when and how they access that information.
Ensure all web applications are secure
If you’re using a cloud-based system to record and store customer data, make sure the web application you use to access this information from your computer and smartphone is secure. An easy way to determine this is to look at the browser address bar. Secure applications will display “https:” rather than “http:” at the beginning of the web address.
Also, be sure to check the web application’s policies and terms of service thoroughly to determine what use they’re making of the data you store. Free applications in particular make money by mining the data stored on their sites and selling it to advertisers. Choosing an application you pay for should ensure your data is not used this way – but you’ll want to carefully read the terms of service to be absolutely sure.
A Verizon RISK study found that 76 percent of data breaches involve weak or overly simplistic passwords, such as “password” or “1234”. Make it a policy for employees to change their passwords at least every 90 days. The best passwords are at least eight characters long and contain upper- and lower-case letters, numbers, and special characters. Discourage employees from using their own name, the company name, or any other easily guessed information as part of their password. And although it sounds obvious, make sure employees know not to keep their passwords posted on or near their keyboards or monitors.
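The password rules above can be enforced when an employee sets a password rather than left to memory. The following is an added example, not part of the original article; the function names and the sample employee and company names in the usage are constructed for illustration.

```python
from datetime import date
import string

# Deny-list seeded with the two examples the article names; extend as needed.
COMMON_PASSWORDS = {"password", "1234"}
MIN_LENGTH = 8      # "at least eight characters long"
MAX_AGE_DAYS = 90   # "change their passwords at least every 90 days"


def policy_violations(password, employee_name, company_name):
    """Return the list of rules from the article that `password` breaks."""
    problems = []
    lowered = password.lower()
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 8 characters")
    if not any(c.isupper() for c in password):
        problems.append("no upper-case letter")
    if not any(c.islower() for c in password):
        problems.append("no lower-case letter")
    if not any(c.isdigit() for c in password):
        problems.append("no number")
    if not any(c in string.punctuation for c in password):
        problems.append("no special character")
    if lowered in COMMON_PASSWORDS:
        problems.append("commonly used password")
    # Easily guessed information: any word of the employee's or company's name.
    # Words shorter than 3 letters are skipped to avoid accidental matches.
    for label, value in (("employee name", employee_name),
                         ("company name", company_name)):
        for part in value.lower().split():
            if len(part) >= 3 and part in lowered:
                problems.append(f"contains {label}")
                break
    return problems


def rotation_due(last_changed, today):
    """True once 90 days have passed since the password was last changed."""
    return (today - last_changed).days >= MAX_AGE_DAYS


if __name__ == "__main__":
    # Constructed sample inputs.
    for candidate in ("password", "Reyes2024!", "t7#Lq9!vWz"):
        print(candidate, policy_violations(candidate, "Dana Reyes", "Acme Bakery"))
    print(rotation_due(date(2024, 1, 1), date(2024, 3, 31)))
```

An empty list means the password meets every rule; store only the date of the last change, never the password itself, to drive the 90-day check.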
Consider data liability insurance
Data liability insurance, also known as cyber insurance, protects policy holders against lawsuits from customers or employees impacted by a data breach, and in some cases, compensates for lost income that occurs as a result of a hacking event. To determine whether you need data liability insurance, talk with your insurance agent about costs, what specific protections are being offered, what data you’re storing, and the consequences of a breach. This analysis will help you assess whether or not you need to spend the money for this type of protection.
Bank of America, N.A. engages with Touchpoint Media LLC to provide informational materials for your discussion or review purposes only. Touchpoint Media LLC is a registered trademark, used pursuant to license. The third parties within articles are used under license from Touchpoint Media LLC. Consult your competent financial, legal and accounting advisors, as neither Bank of America, its affiliates, nor their employees provide legal, accounting and tax advice.