Data breaches are quite common in today’s business world. Cyber criminals become savvier every day and many businesses are lagging behind on security. But you don’t have to sit back and wait for trouble. With the right plan in place, you can proactively protect your customers’ information.
Data Security is a Responsibility
In a world where everyone wants to deflect blame and accept as little responsibility for their actions as possible, it’s refreshing to see a company like Savant owning up to an issue that’s long been a point of contention between businesses, consumers and the regulating bodies that oversee the relationship between these groups.
Savant, an industry leader in financial planning, clearly lets customers know where the company stands by displaying the following statement:
“Savant understands that you have entrusted us with vital personal information. We want you to know that we take our responsibility to protect your information seriously. Savant regularly reviews and evaluates both its privacy and security policies and adapts them as necessary to deal with the constantly changing data security landscape.”
While the Federal Trade Commission (FTC) obviously has rules in place regarding what information a company is prohibited from sharing with other organizations or individuals, there are gray areas in many industries regarding responsibility for customer information stored in systems, spreadsheets and programs.
For example, what happens if information is stolen in a ransomware or phishing attack? While there’s a lot of conversation about these issues in regulatory circles regarding what companies are technically required to do, there should be no question that organizations are morally responsible for protecting information that customers have provided in confidence.
Think about it like this. Let’s say a dear friend of yours confides in you that he recently purchased the winning lottery ticket for $450 million, but isn’t quite sure what to do yet. He doesn’t want the media plastering his name and photo all over the place and decides to lay low for a few days. He even gives you the lottery ticket to hold, out of fear that one of his roommates might find the ticket and piece everything together.
In this fictional scenario, it isn’t enough for you to just hang onto the ticket and do the right thing by not telling anyone. You’re also morally obligated to protect the ticket/information. This requires preemptive measures, such as locking the ticket away in a place where nobody can access it. If someone discovered the ticket and went running to the local press with it in hand, you would’ve failed to live up to your duty.
Safeguarding customer information is a lot like this. It’s not enough to just hang onto it and avoid knowingly giving it out to third parties. You’re also obligated to protect it from cyber criminals and outsiders with malicious intent.
Four Ways You Can Protect Customer Data
Much like Savant, it’s important that you regularly review and evaluate your privacy and security policies so they can be adapted to deal with changes in the evolving security landscape. Not sure where to start? Here are some suggestions that you should find useful.
1. Use Dedicated Servers
When money is an issue, many small businesses resort to using a shared server to host files. For the most part, there’s nothing wrong with this. However, one of the shortcomings is lack of security. People outside of your organization have access to the server, which opens up new points of vulnerability.
While a dedicated server costs substantially more, you can take a proactive step towards protecting your customers’ data by investing in your own server. This one step alone will significantly enhance your overall data security.
2. Invest in Data Encryption
If you haven’t updated your encryption technology in a couple of years — or if the word encryption is totally unfamiliar to you — then it’s time to modernize your approach to security. Businesses that don’t prioritize data encryption are much more likely to have data stolen and compromised by attackers.
Thankfully, there are a variety of ways to cost-effectively encrypt data. Make sure you’re staying on top of these new trends and applications so that you’re above reproach.
3. Create a Disaster Plan
While every company hopes disaster never strikes, the likelihood of a data breach is actually quite high. It was reported in 2016 that two-thirds of large businesses in the UK suffered cyber attacks within the previous year. One would have to assume that the numbers are similar stateside. Then consider that the proportion of attacks on small businesses — who are seen as more vulnerable — is steadily growing.
While better protection obviously plays a role, you must have a plan for how you’ll respond in the unfortunate instance that disaster strikes. A concrete disaster plan is a good place to start. Another smart piece of advice is to have a response team ready to deploy.
“Depending on the size and nature of your company, [the team] may include forensics, legal, information security, information technology, operations, human resources, communications, investor relations, and management,” the FTC suggests. “Consider hiring independent forensic investigators to help you determine the source and scope of the breach. They will capture forensic images of affected systems, collect and analyze evidence, and outline remediation steps.”
4. Implement Better Password Policies
Does your business have a formal password policy? If not, you’re exposing your company’s private data to unnecessary risk. Most hacking still happens by stealing or guessing a company’s login to a particular system or program and using it to gain access to data. Each employee account with your company is another potential entry point.
The first thing you can do is require complex passwords. Something like “password” or “1234” isn’t adequate. You should require employees to include numbers, symbols, and both uppercase and lowercase letters. For very important accounts, it’s also a smart idea to implement two-factor authentication.
“While password complexity is a common focus of password policies, that’s probably not the most effective to prevent brute force attacks,” IT pro Sam Narisi notes. “Some experts say that it’s more important to require accounts to lock after a certain number of failed log-in attempts.”
Ideally, you should use a combination of these strategies and create a password policy that makes it nearly impossible for a hacker to gain access to customer information.
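As an added illustration (not part of the original article), here is one way the two password controls discussed above, a complexity rule and a lock after repeated failed log-ins, could be combined. The threshold of 5 failures, the 15-minute lock, the 12-character minimum and all function and class names are assumptions chosen for the example.

```python
import time

# Assumed values: the article names no threshold, duration or minimum length.
MAX_FAILURES = 5
LOCKOUT_SECONDS = 15 * 60
MIN_LENGTH = 12

def meets_complexity(password, min_length=MIN_LENGTH):
    """Complexity rule from the article: both letter cases, a number, a symbol."""
    return (len(password) >= min_length
            and any(c.islower() for c in password)
            and any(c.isupper() for c in password)
            and any(c.isdigit() for c in password)
            and any(not c.isalnum() for c in password))

class LockoutTracker:
    """Locks an account after too many consecutive failed log-ins."""

    def __init__(self, max_failures=MAX_FAILURES,
                 lockout_seconds=LOCKOUT_SECONDS, clock=time.monotonic):
        self.max_failures = max_failures
        self.lockout_seconds = lockout_seconds
        self.clock = clock        # injectable so the policy can be tested
        self.failures = {}        # account -> consecutive failed attempts
        self.locked_until = {}    # account -> time at which the lock expires

    def is_locked(self, account):
        until = self.locked_until.get(account)
        if until is None:
            return False
        if self.clock() >= until:          # lock has expired: start fresh
            del self.locked_until[account]
            self.failures.pop(account, None)
            return False
        return True

    def record_attempt(self, account, password_ok):
        """Return True only if this log-in attempt should be accepted."""
        if self.is_locked(account):
            return False                   # rejected even with the right password
        if password_ok:
            self.failures.pop(account, None)
            return True
        self.failures[account] = self.failures.get(account, 0) + 1
        if self.failures[account] >= self.max_failures:
            self.locked_until[account] = self.clock() + self.lockout_seconds
        return False
```

The lock expires on its own so that a burst of bad guesses cannot keep the real account owner out indefinitely.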
Data Security: A Worthwhile Investment
Data security isn’t a buzzword that you can ignore. If you do, you’ll eventually find yourself with a target on your back. You have a moral and, in many cases, legal obligation to protect your customers’ data. This means taking a proactive stance and preventing issues before they arise.
Make data security a focus in 2017 and you’ll feel better prepared for the ever-changing landscape that is cyber security.