How To Keep Customer Data Sacred
Small businesses are prime targets for cyber criminals, who use a combination of tactics to gain access to sensitive customer information such as financial statements, educational credentials and recent purchases.
A study conducted by Paragon Software Group reveals that 22% of small to medium-sized businesses have experienced a loss of data, resulting in a significant negative impact on business credibility and profitability.
And just creating a backup on external storage such as the cloud might not be enough: according to a report titled ‘SaaS Data Loss: The Problem You Didn’t Know You Had’, 32% of the companies that took part in the survey had suffered data loss from the cloud. Food for thought.
Even a small security breach can lead to a loss of customer confidence and damage the reputation of the business. This is because customers trust companies with their data and consider it priceless, so they expect businesses to do the same. This is why small businesses are advised to report data breaches to customers as soon as they occur.
However, keeping customer data sacred is not an impossible feat, and any small business can follow these measures to minimize and, in some cases, completely eliminate data breaches:
1. Limit access to company data
Small businesses need to take responsibility for all the devices and locations from which customer data can be accessed, whether it’s an email account, a company social media page, a smartphone or a laptop. When employees fail to comply with protection measures, it becomes easier for criminals to gain access to sensitive information. The Cost of Data Breach Study states that 39% of data security breaches that take place in the U.S. involve some negligence on the part of employees.
Some employers have worked to protect against this by installing cloud-based security products. Look to software providers like Trend Micro, which offers security software that “lives on” and protects a cloud server while also giving real-time threat protection to the devices that are connected to it.
Companies can also restrict employee access to company data. For example, staff can be strictly prohibited from accessing consumer financial information over a public Wi-Fi network, and allowed to access company social media pages from a home PC only under limited circumstances.
2. Secure business environment
Outdated security patches, weak passwords and unencrypted account information are some of the flaws that can cause a breach. One example is Aetna Health Insurance sending out brochures to over 18,000 students and accidentally printing Social Security numbers instead of addresses. The error happened due to an outdated program that the Department of Student Health in the University used to retrieve student information.
Companies should therefore apply security patches as soon as a new version becomes available and, if possible, use automated update mechanisms. Internet security software can also assist in password protection and prevent information breaches from the cloud (as mentioned at the beginning). As for data encryption, companies can look into file, folder, full-disk and USB encryption to increase security.
3. Provide physical protection
Businesses often neglect physical security measures for customer data and focus heavily on software, employee, and online protection measures, but physical security is just as important. For example, AMD’s employees stole company documents, while Dynacare’s flash drive went missing because of a stolen car.
Some physical protection measures firms can take: lock the file cabinets after office hours and during lunch time; install security cameras inside the office; and password-protect devices and flash drives.