Protecting Your Customers’ Personal Information
Nearly half of all cyberattacks target small businesses. One reason they appeal to data thieves is that they often lack the defense mechanisms that large corporations have in place, haven’t allocated a budget for cybersecurity, or both.
“Often, the hackers get away with it because small businesses don’t have the resources to combat it,” notes Terry Evans, president of Lighthouse Business Consulting Services, and an expert in cybersecurity for small businesses.
In 2015, 43 percent of spear-phishing campaigns, in which cyberattackers use deceptive emails to get sensitive information, targeted small business employees, according to internet security company Symantec.
Whether you sell products at a brick-and-mortar store or through a website, the good news is knowledge is power. Take these steps to keep your customers’ data safe, and they’ll be more apt to feel comfortable coming back.
Install — and update — the right software. Running anti-virus, malware, and/or spyware prevention software is your first line of defense. But you must make sure it is regularly updated.
“One of the problems I see with small businesses is that they buy into a product they either don’t need, don’t want, don’t understand, or they don’t use, and it just kind of sits there,” says Evans. “Or they’ll buy a product and won’t update it and then it’s worthless.”
Use a secure network. Invest in a secure, dedicated server used only by your business and your employees. While it may be cheaper upfront to share your server, by using a secure network you significantly lower the risk of leaving your customers’ information open to hacking. And always back up your data. By having a second copy of everything, you won’t be devastated by “ransomware,” a type of malware that blocks access to your data until you pay a ransom.
Encrypt your data. Using encryption technology is another way to safeguard your customers’ information. Stores that have employees walking around using mobile devices to scan credit cards can be especially vulnerable to hacking. Invest in the latest encryption software and keep it updated.
Create strong passwords. Ditch the four-letter, easy-to-remember passwords. Make them strong and long. “Passwords should be at least eight characters long but I would advocate for 13 or 15 characters,” says Evans. “They should not be a word; they should be random with symbols, numbers, capitalization, and all of that.”
Train staff in best practices. Often, the weakest link between customers’ information and a breach in data is the small business’s employees. “I’ve walked into brick-and-mortar stores, into what should be a secure area—their accounting area—and computers are up and available and logged in,” says Evans. “I also see people scribble passwords down on a post-it note or desk blotter, making the password visible to folks.”
Safeguard sensitive documents. When it comes to customer documents and files, don’t just toss them in the garbage; take the added step of shredding them. You also may want to think twice about storing customers’ credit card information. “Those are clients’ credit cards, you don’t need to hold on to them, and once you do, you create an enormous problem for yourself,” Evans adds.
Implement a disaster plan. Be prepared. Develop a cybersecurity strategy, do a practice run, and then train employees. “You can spend a fair amount of money on software and other security measures, security cameras, and all of that, but if you leave your back door open, you’ve wasted your money,” says Evans.
Chances are, there will always be thieves targeting customer data. But you have the power to protect your customers’ information and your future sales.