10 Rules for Protecting Your Customers’ Data
How can you safeguard your clients’ most valuable information?
Credit card numbers. Banking accounts. Social Security numbers. Health insurance and records. Identifying personal information. Your business keeps much of the same confidential information on customers that Target and Home Depot do.
Put yourself in a hacker’s shoes. What type of company is more likely to be an easier target? A big box chain with vast resources to invest in security or a small business with lesser means and a potentially more vulnerable network? Exactly. Hacking is a crime of opportunity.
Though companies like Target and Home Depot take significant reputational hits and financial losses over a breach, they’re more likely to recover than a small business.
Don’t make the mistake of believing that your small business is so small that it is off hackers’ radars. Over 50 percent of all small businesses surveyed reported a security breach at some point, and a breach costs these businesses $9,000 on average. This does not take into account loss of sales or damage to reputation. Research shows that 60 percent of compromised businesses close their doors within a year of the breach.
Those that do survive take big company security rules and apply them to their small businesses.
1. Realize the value of your customers’ data // Your data is just as valuable as a large company’s. In fact, data is your most valuable asset, and it is just as attractive to hackers as data stolen from larger companies. Hackers earn more selling credit card and Social Security numbers, but names, addresses and phone numbers sell on the black market too.
2. Put an official security policy in place // Even a company with a handful of trusted staff needs a security policy that covers smartphone and laptop access to company networks.
3. Continually educate employees on security // When employees know the warning signs and how to avoid risks, they’re less likely to make mistakes that lead to a data breach.
4. Never underestimate the power of strong, unique passwords // “Companyname123” does not a strong password make. Nor does allowing multiple employees to use the same login credentials for years at a time. Require passwords to be changed frequently and to meet minimum standards (a combination of characters and numbers, etc.).
5. Control and restrict access to your network // Clients. Employees. Vendors. Anyone logging on through your website using their own devices puts your data at risk of breach. Since you can’t ensure every device is secure, a separate virtual private network can offer access without potentially exposing your data.
6. Code and track all IT equipment // All IT assets should be coded with a serial number at purchase so they can be tracked from the beginning to the end of their lifecycles. Tracking provides evidence of chain of custody should you need to prove possession or determine whether or not a breach has occurred.
7. Plan for safely and ethically retiring equipment and data // Have a safe and ethical plan for securing data when IT equipment is retired. Throwing computers, hard drives and the like in the dumpster, or hiring a guy with a truck to haul them away, puts your company at risk of breach.
8. Invest money in data security as a cost of doing business // A recent case against a health care company ruled that customers have a legal right to expect companies they do business with to allocate a reasonable percentage of funds toward data security as a cost of doing business. The ruling sets a precedent for companies across all industries that collect regulation-protected data.
9. Remember that data stored on leased equipment is still your responsibility // All companies must ensure protected information is properly removed from, or destroyed on, all IT assets prior to disposal, even if the lessor or another third party handles the disposal. The IT asset may be the lessor’s, but the data it contains is the lessee’s responsibility to protect.
10. Partner with a highly certified IT asset management and disposition firm // The solution to avoiding data breaches, and the direct, indirect and opportunity costs associated with them, is to partner with a highly certified, reputable IT asset management firm that customizes ITAD plans to your business and industry. The value of having a trusted partner cannot be overestimated, especially for companies in heavily regulated areas like communications, transportation, pharma, finance, education and health care, which face higher breach-associated costs.