A customer filling out a form with their personal information.

14 Ways to Secure Customer Data

Updated January 3, 2022 . AmFam Team

Your customers love your product or service, and when they buy it, they’re trusting you with their valuable personal information. Make sure you keep their trust and abide by all applicable laws by keeping these tips in mind.

It may surprise you to learn that nearly half of all cyberattacks target small businesses. One reason they make appealing targets to data thieves is that small businesses often don’t have the defense systems in place or haven’t put money put aside to effectively manage cybercrimes.

“Often, the hackers get away with it because small businesses don’t have the resources to combat it,” notes Terry Evans, president of Lighthouse Business Consulting Services (Opens in a new tab), and an expert in cyber security for small businesses.

One common way cyber attackers target small business is through spear-phishing campaigns using deceptive emails to get at sensitive information. These are emails sent to employees from known senders — they spoof an email address familiar to the recipient — and request exploitable data to be emailed back. There has been a steady increase in attacks targeting businesses with less than 250 employees, targeting small business employees specifically, according to the internet security company Norton (Opens in a new tab).

Table of Contents:

Keeping Customer Data Secure

Security Measures That Can Stop a Data Breach

Tighten Up Security on Hard Copies and Computers

Data Breach Incident Response Plan

Take Steps to Protect Your Customer Data and Your Business

Keeping Customer Data Secure

Whether you sell products at a brick-and-mortar store or through a website, the good news is knowledge is power. By now it should be clear that technological safety in today’s workplace is more important than ever. So, take these steps to keep your customer data safe. You'll not only retain more customers, but they’re also going to feel safer doing business with you as well.

Install — and update — data protection software

Running anti-virus, anti-malware and/or anti-spyware software is your first line of defense. But you must make sure it is regularly updated. “One of the problems I see with small businesses is that they buy into a product they either don’t need, don’t want, don’t understand, or they don’t use, and it just kind of sits there,” says Evans. “Or they’ll buy a product and won’t update it and then it’s worthless.” Because hackers are constantly revising their tactics, your odds of beating them are best if you update frequently. If given the option, always select the "update automatically" setting to be sure you're running the latest and greatest software version.

Use a secure network

Invest in a secure, dedicated server used only by your business and your employees. While it may be cheaper up front to share your server, by using a secure network you significantly lower the risk of leaving your customers’ information open to hacking. And always back up all your data. By having backups of everything, you won’t be devastated by ransomware, a type of malware that blocks access to your data until you pay a ransom.

Encrypt all your customer data

Using encryption technology is another way to really protect your customer’s information. Invest in the latest encryption software and keep it updated. It’s also wise to encrypt your email if you’re sending/receiving sensitive data.

Back to top

Security Measures That Can Stop a Data Breach

Almost all businesses gather and store customer information, employees, and business contacts. With data breaches on the rise, hackers are keen on exploiting any vulnerability — an easy target is frequently “easy money.” Look at these ideas to tighten up your data security, which can help deter or prevent a data breach.

Create strong passwords

Ditch the four-letter, easy-to-remember passwords. Make them strong and long. “Passwords should be at least eight characters long, but I would advocate for 13 or 15 characters,” says Evans. “They should not be a word; they should be random with symbols, numbers, capitalization, and all of that.”

Verify PCI compliance

If your business is handling credit card transactions, be sure the way you’re storing, processing, and transmitting cardholder information is compliant with Payment Card Industry Data Security Standards (PCI DSS). By implementing the basics of PCI compliance at your group, customers can feel safe knowing that their personal information is being handled securely.

Back to top

Tighten Up Security on Hard Copies and Computers

Many times, small businesses take measures to protect their digital data, but fail to work safely with physical data and the electronic devices that store this information. Look at these ideas to learn how to keep customer data secure, whether it’s a hard copy or electronic.

Destroy customer files and data before dumping

Some data breaches occur right out of your dumpster in the alley. Recycling old files and paper copies is a great practice but be sure to crosscut or shred these files before discarding. If you’re going to be reusing a computer that previously held customer sensitive information, wipe the drive clean by using software designed specifically for that purpose. If a computer’s being decommissioned, be sure to pull the hard drive and physically destroy it to protect any customer data on the device.

Only keep the customer data you need

Look at the kinds of data you’re keeping and consider whether you really need to store this information. Customer names may be important, but do you really need their birthdates? Consider purging any data that does not directly relate to your business needs. You also may want to think twice about storing customers’ credit card information. “Those are clients’ credit cards; you don’t need to hold on to them, and once you do, you create an enormous problem for yourself,” Evans adds.

Physically lock up hard copies of data

Safeguard your files, papers, and records behind a locked door. Adding additional measures like a numeric keypad or even biometric verification can really boost increase data security. It also can help to build confidence when prospective investors are touring your business.

Lock up portable media and company cell phones

Flash and USB drives should be tightly controlled. Require users to check these media in and out and be sure to encrypt data saved on these drives. Company cell phones are another potential data security risk and can expose your network to vulnerability — most frequently when these devices are charging or syncing with a networked computer. Again, installing encryption software on smart phones can help to keep your network and customer data safe.

Back to top

Data Breach Incident Response Plan

Having a plan in place when you first notice a data breach is just as important as any other preventative measure. If you’re well-prepared to respond to a breach you can lessen its impact on your business.

Get a cyber-security plan in place

Managing an emergency means knowing what to do when, regardless of the disaster type. Seek out a well-referenced cyber-security company now and inquire about a maintenance contract. They’re often able to help bolster your current data security plan and lessen the impact of an active data breach.

Put the cyber-security plan into action

You may want to consider consulting an outside expert to assess the damage and get a handle on what — and how — the event unfolded. Establishing internal processes for cybersecurity prevention and emergency response is only half of the preparation process. Practice makes perfect, and because so much of cyber-security may be difficult for your employees to grasp, it’s a great idea to have them go through a few dry runs so they’re familiar with the cyber incident process should they ever need to act on it.

Prepare for multiple points of entry

Be clear on each step to take and consider the source of the breach. You may have several scenarios that mandate a different action to be taken, depending on the breach. “You can spend a fair amount of money on software and other security measures, security cameras, and all of that, but if you leave your backdoor open, you’ve wasted your money,” says Evans. You may want to consider consulting an outside expert to assess the damage and get a handle on what — and how — the data breach event unfolded and how best to respond. Work with your security consultant to understand where the potential risks are.

Delegation is key to cyberattack prevention

Appoint an on-site data manager that can act as a point person who’ll be responsible for making decisions when it comes to customer data breaches and readiness for emergencies. High-ranking executives, senior database managers, even someone elected by your board of directors to perform this role all make great candidates.

Train staffers in customer privacy protection best practices

Often, the weakest link between customer information and a data breach is the small business’ employees. “I’ve walked into brick-and-mortar stores, into what should be a secure area — their accounting area — and computers are up and available and logged in,” says Evans. “I also see people scribble passwords down on a Post-It note or desk blotter making the password visible to folks.” Train employees about data and consumer information protection to at every entry point, from computers on-site to and cell phones. Two-factor authentication measures for off-site access to protected files can help to prevent a breach as well.as secure company data at every entry point, from computers on-site to and cell phones. Two-factor authentication measures for off-site access to protected files can help to prevent a breach as well.

Back to top

Take Steps to Protect Your Customer Data and Your Business

Chances are, there will always be thieves targeting customer data. But you have the power to protect your customer information and help ensure your future sales by taking this job head-on. While you’re building up your business’ cyber-security profile, remember to check with an American Family Insurance agent (Opens in a new tab) and review any changes that you’ve made to your inventory — even software updates and electronic purchases — that help protect you from hacking or customer data breaches. Your business will be more secure, and that’s as good as money in the bank.

This article is for informational purposes only and based on information that is widely available. This information does not, and is not intended to, constitute legal advice. You should contact an attorney for legal advice specific to your situation.

Related Articles

Related article test
  • Man sipping coffee taking a break from work to recharge.
    Man sipping coffee taking a break from work to recharge.
    Avoiding Burnout as a Small Business Owner

    It’s natural to anticipate pursuing all of the goals you have for your business. But, instead of readying yourself and your company to ramp up, consider taking a pause. A good break can help you reset, start looking towards the future and help you avoid burnout.

  • Image of an apartment complex in early autumn.
    Image of an apartment complex in early autumn.
    When Should You Invest In Rental Property?

    As a landlord, you know that an investment property has great potential. When everything goes according to plan, it can be an exceptional source of income. But seeing a consistent return on investment means you’ve got to keep a close eye on the numbers before you close on a property.

    Although there’s a fair amount of risk involved in making a purchase, you can lean on a few key rules, formulas and indicators to help guide your decision. Next time, when you’re wondering “Should you invest in this rental property?” refer to these important purchasing tips to help make the right choice — and quickly rule out real estate that may not be worth the investment.

    Start with the “One Percent Rule”

    Answer a simple question: Will your monthly rent for the space equal at least one percent of the purchase price? If your answer is yes, then your place may be able to turn a profit in the years ahead. Congrats, you’re off to a good start. Be sure that the rental’s priced competitively for spaces of similar design. Here are few other factors to consider:

    Understand the formula

    If the total purchase price of the property is $200,000, rent should be no less than $2,000 per month or one percent of the total cost. Likewise, a $600,000 purchase price for a multi-unit rental property should meet or exceed $6,000 per month in total monthly rent earnings.

    Get the purchase price right

    When factoring in the purchase price, remember to include closing costs, property taxes and insurance. One way to better estimate these costs is to use an online closing costs calculator which can approximate appraisal fees, home inspection fees, application fees, prepaid interest among a host of other out-of-pocket expenses that can up your purchase price, sometimes by thousands.

    Factor in repair costs now

    Because real estate investing as a landlord requires the space to be “habitable” upon tenant occupancy, you may need to make certain repairs or upgrades before renting the property. As a result, you’ll want to add the total cost of these repairs into the purchase price.

    Consider the “Class” of the Neighborhood

    Neighborhood classifications help buyers understand the potential return on investment in a given area. If you’re new to being a landlord, you’ve got to pay close attention to what the neighborhood’s telling you.

    One good way to check out an area — specifically if it’s an investment that requires some traveling — is to use Google map’s street view. Is trash left out on the front lawn? Do neighbors maintain their property? What can the cars parked on the street tell you about the demographic? Here are details on the four distinct neighborhood classes real estate agents use to classify a region:

    Class A neighborhoods

    High income neighborhoods, combined with a home that is move-in ready will usually get an A class rating. Because homes are expensive in these neighborhoods, and their higher than average tax burden, real estate investors usually won’t buy a home there because the one percent rule fails the test. Tenants in these areas tend to be very reliable, high-quality renters.

    Class B neighborhoods

    Typically populated by those earning a moderate-to-high income, B class neighborhoods are frequently considered a good investment for landlords and fertile ground for tenants seeking rentals. Purchasing “as is” properties that can be cheaply updated and rented above the one percent factor is typically possible here with minimal risk. These areas will usually experience increased turnover and vacancy rates.

    Class C neighborhoods

    Because the risk is a little higher in neighborhoods that land in the C class category, the opportunity to see a high rate of return on fixer-upper places is good if you buy a For Sale by Owner property, or one not listed on the MLS (multi-listing service for real estate sales). Populated with blue collar workers with relatively low-to-average income, C class areas typically have higher crime rates and under-performing schools. Landlords should expect less-than-optimal tenants and periods of vacancy.

    Class D neighborhoods

    Areas riddled with crime, properties damaged upon a tenant’s exit and high costs for property upkeep can be anticipated in D class neighborhoods. Buyers usually consider these types of purchases high risk. It should be noted that many property management companies are reluctant to accept properties to service in these areas because the risks associated with the area. Investors tend to seek properties in more stable neighborhoods.

    Use the Capitalization Rate as a Predictor of Value

    Another key way of understanding the rate of return on an investment is the capitalization rate or “cap rate” for short.

    What is a cap rate?

    A cap rate determines a profit ratio that a property can generate. It’s best used as a quick way to compare investment opportunities to determine which one is the better value. Start by dividing the total of one year’s rent by the current market value of the home which should include costs and upgrades required to get the space habitable — you can’t rent the place if it’s not livable, right? The resulting percentage is your cap rate. The higher the rate, the better your annual profit margin.

    How to Calculate the Cap Rate for an Investment Property

    Although the cap rate’s a useful tool to quickly analyze the relative value of comparable real estate opportunities, it’s used as a rough guide to qualify properties for consideration, given the state of today’s current market climate. First, estimate your property’s overall purchase price:

    Figure the acquisition value

    Simply put, this is the total purchase price. It should include all upgrade costs, closing costs, taxes, business insurance, fees, points, etc. Let’s assume a property you’re considering has a total purchase value of $200,000.

    Calculate one year’s rent

    If you’re collecting $2,000 per month, you’ll have twelve payments at the end of the year, or $24,000. This figure is your gross annual income.

    Account for half a month’s vacancy

    Because turnover typically requires some painting and repairs, it’s fair to consider that half a percent (two weeks’ worth of rent) of your total annual income will be deducted to cover the mortgage payments. Assume that your new tenant will cover the remaining pro-rated rent for the other half of that month. Once the vacancy amount is deducted, the result is your gross operating income.

    • Gross annual rental income: $24,000
    • Less the cost of vacancy: -$1,000
    • Gross operating income: $23,000

    Factor in operational costs

    These costs will include money required to keep the property habitable, like paying for trash collection, making repairs, fees from property management, and landlord insurance. Let’s put that cost under fifty percent of the gross operating income, or $9,300. Some years it will be more, some less.

    • Gross operating income: $23,000
    • Less operating costs: $9,300
    • Net operating income (NOI): $13,700

    Divide the NOI by the total value of the property:

    ---------------------  =  0.0685 or 6.85 % - That's your cap rate.

    The capitalization rate for this investment is 6.85 percent annually. If another property under consideration returns a higher cap rate like 8.23 percent for instance, you may want to explore opportunity with the higher annual yield in order to maximize your profit potential.

    What is considered a good cap rate?

    Generally, a cap rate between 8% and 12% is considered good. However, an optimal cap rate is really going to depend on several factors including location, risk and current rental income. For example, in high-demand like big cities, a cap rate of 4% may be considered good.

    Reach Out to Your Agent Today

    With so many different ways to look at profitability when determining where to invest in rental property, it’s important you do your homework before you decide to buy. And while you’re making that big decision, remember to contact your American Family Insurance agent and discuss your upcoming purchase. When it comes time to close the deal, you’ll have peace of mind that your property’s insured carefully.

    This article is for informational purposes only and includes information widely available through different sources.

  • Person at desk using internet of things to reduce business costs.
    Person at desk using internet of things to reduce business costs.
    Reduced Business Costs & the Internet of Things

    You may have heard the term “Internet of Things” (also known as IOT) buzzing around a lot lately. Catchphrases such as predictive maintenance, retrofitted sensors, and reactive technologies are humming through newsfeeds and making many entrepreneurs curious. But, is it all hype or is there measurable business value in investing in the IOT?

    “The Internet of Things is going to be a big thing for small business,” says Tim Reid, a network systems engineer and consultant for private industry and government. Referring to the concept of billions of objects being connected to the Internet, Reid points out that smaller firms will be able to cut costs and become more competitive thanks to the new technology.

    While the IOT is not a new concept, it is evolving and becoming more relevant in our everyday lives and the way small businesses get ahead.

    A study by logistics service provider DHL and IT firm Cisco predicts that the IOT will save businesses $1.2 trillion in productivity costs alone.

    Are you ready to be one of those businesses? Here are some ways that the IOT can improve your company’s bottom line.

    Inventory management. You can keep track of costly inventory – even with it being in a remote location such as a warehouse. With inventory sensors on small items or large products, businesses can reorder stock as it runs low.

    Safety compliance. “There are many local, state and federal regulations, but small businesses often don’t have the funds to hire compliance teams internally,” says Reid. IOT allows small businesses to use sensors to measure air quality, temperature, and other conditions that may be governed.

    Potential revenue stream. “The big thing about the Internet of Things is that it can be a model for recurring revenue every month,” says Reid. For example, a small business can put sensors on a product that it installs and “offer to monitor it for customers for a monthly fee.”

    Security. For years, video surveillance has utilized physical tape that could be removed or damaged. With the IOT, videos are connected to the Internet and can be viewed remotely. “Business owners can track access to their building based on fingerprints and badges. This is inexpensive and easy to implement,” says Reid. Many people are choosing security systems for protection for their small business. From the alarm system to fire, smoke, window and door sensors, you’ll gain peace of mind knowing you’re proactively protecting your business.

    Wages and labor savings. If your business monitors or repairs products for customers, the IOT can be revolutionary. Traditionally, companies send out a person to repair a product or resolve an issue on site, which can be costly. With the IOT, data can be sent from the product directly to your company’s computer. You can troubleshoot, rule out problems and make decisions without leaving your office.

    Energy management. Gone are the days of the maintenance staff going from room to room and building to building to adjust the thermostat. “It is now connected to sensors that can be controlled remotely,” says Reid. Businesses can save on energy costs by powering down when parts of their facilities are not being used. Nest thermostat is a popular smart device for energy efficiency that can be controlled from your phone no matter how far your business takes you.

    “As small businesses continue to look for ways to reduce costs and gain agility, the Internet of Things can potentially level the playing field,” Reid says. “If you pay attention, small businesses can get ahead of larger ones.”

  • Image of a vacant commercial strip mall property and parking lot.
    Image of a vacant commercial strip mall and parking lot.
    14 Tips for Securing Vacant Commercial Property

    If you’re a business owner or a commercial real estate landlord, staying in business can be a difficult sometimes. There are a lot of reasons why a commercial operation might need to close for an extended period. And in today’s challenging times, some of those reasons are simply out of your control. If your business has been forced to shut down in response to the COVID-19 pandemic, you may be wondering how to keep your property safe while you’re away.

    Protecting your vacant commercial property is all about securing the perimeter. And by installing a smart security system, you can get real-time data on the condition of your business property, whether it’s occupied or not. We’ve put together some tips to help reduce the threat of serious damage to your commercial property if you’ve found yourself temporarily unable to run your business.