Securing customer data has to be one of the top tasks for small business owners in 2017.
We are all well aware that cases of breaches in small business security, a well as ransomware cases have been too numerous, having a negative impact on customer data. Ensuring the safety of the personal data of your customers is your responsibility.
Below we have outlined 5 ways to make sure your small business is caring for the privacy of customer data
FIRST UP IS SECURITY
Prior to any decision-making about processes to use and marketing options available, ensure that all information you acquire is absolutely necessary.
The problem can often have its roots in customer data being an afterthought. Work out what information you really need, before you start asking for a long list of details from the customer. Granted, an email address may be necessary, but can you say the same for a social security number, family details and a social media profile?
KEEP THE ACCESS LIMITED
Since there is an importance on keeping sensitive data private, the next thing to consider is; who is going to have access to the data?
You are responsible for taking reasonable measures to secure customer data, the first step in this pursuit is liming the number of employees who can access the data. Twitter provides an example of how this can play out. The FTC came down on them for giving administrative access to a large number of employees, in fact almost all of them. That means that it only takes one employee to have compromised credentials and a hacker could gain access to the Twitter account of every member.
PASSWORDS MUST BE SECURE
If you are dealing with sensitive customer data, it’s vital to ensure that all employees who have access to the data have strong passwords in place. Each password needs to be stored securely, be complex in nature and be unique.
During the Twitter investigation, the FTC found that employees were able to use regular words as their passwords. It’s important to remember that it is a lazy approach like this one that resulted in over 100,000 IoT (Internet of Things), devices being hacked during the DDoS attack in October, internet services were shut down in areas of Europe as well as the US. The website becomes easy to hack when passwords and admin usernames are not strong or are easy to guess.
DATA NEEDS TO BE ENCRYPTED
Sensitive customer data should not be left out for anyone to read. To store and transmit sensitive data, encryption should be used. While this has to be one of the most common tips for small business when it comes to security, a lot are hesitant to put it into action, feeling that is will be too expensive or too difficult a task.
In reality, this does not need to be the case. The best VPN services can provide excellent protection. A VPN is responsible for the establishment of a safe encrypted connection, it then sends the traffic to a VPN server. In addition, the user identity is hidden, this makes the life of a hacker more challenging when it comes to both tracking and intercepting the traffic.
For the high security level that VPNs provide, the monthly fee is a small amount.
REMOTE ACCESS TO YOUR NETWORK SHOULD BE CARRIED OUT WITH CAUTION
Remote access, that being the ability for a user to have access to the network without actually being at the office, causes many data breaches. This is especially the case for companies who have home workers, or employees who live in various locations. Making sure the appropriate endpoint security exists is generally the issue. During an investigation of Dave & Buster, the FTC found that the company did not have a limit on its network for third party access. This in effect gave a hacker an open door to come and go as they please, taking personal information with them.
Again, a VPN is a simple fix to this problem.
A VPN is like having only one entry point, rather than allowing numerous point to exist, each representing a potential security breach. This means that users will need to go through the VPN before they have access to the network.
Strong and secure servers make the breach of a private network a much more difficult task.
All small business should consider the above 5 vital security tips for ensuring the safety of sensitive data. It is your responsibility to protect the data you collect and store.