With serious data breaches affecting a number of retailers in the past few years, you’d think that all business owners would be strengthening their security measures — but that’s not necessarily the case. In 2015, half of global cyberattacks targeted small businesses. Why? Because many small business owners don’t take proper precautions, assuming that criminals are only attracted to major corporations.
Data breaches are a legitimate threat, and their effects are both lasting and devastating. Once a breach has occurred, you’ll find yourself shelling out money to ascertain the cause, make adjustments to prevent a future breach, and provide credit monitoring for affected customers. Furthermore, once customers lose faith that you can protect their sensitive information, it can be hard to convince them to do business with you again.
So, what can be done to avoid a disastrous breach, and how can you assure your clientele that their information is safe in your hands? Well, it starts with understanding just how data breaches occur.
How They Happen
Though we tend to think of data breaches as being vicious cyber-attacks carried out by hackers, that’s only one of the ways sensitive customer information can fall into the wrong hands. Let’s look at the full spectrum.
When considering security risks, few people regard employees as a potential source of leaked information. Insider threats come in the form of malicious and/or disgruntled employees who change or delete data, steal or sell corporate information, or purposely crash systems. Though most “inside job” data breaches don’t typically result in irreparable harm, they can cause you some major headaches. If you find an employee has used customer information in an unlawful way, you will need to undertake criminal proceedings.
One of the simplest ways a data breach occurs is when someone in your organization misplaces a device (laptop, external drive, etc.). Though technological innovations have greatly improved the way we do business, the cold hard fact is that having mobile platforms means there’s always a possibility of loss or theft. For the most part, encryption on the device should make it extremely difficult for anyone to access customer records. However, if the person who has come across a lost device — or flat-out stolen one — knows enough about coding and encryption, they can get to it.
The methods cyber-criminals use to gain access to information are becoming more advanced, and every year they are finding new ways to exploit software vulnerabilities and break into business systems. Failing to update antivirus and encryption software, falling prey to phishing attacks, and using inadequate passwords are all ways companies continue to find themselves the victim of malware attacks. In fact, Verizon’s 2015 Data Breach Investigations Report found that 76% of network intrusions were a result of weak credentials.
How to Prevent Them
Since your customers trust you to protect their personal information, doing everything in your power to prevent a data breach is one of your top responsibilities. You can go about this by:
- Keeping security software up-to-date. Make use of firewalls, anti-virus, and anti-spyware software. Make sure they are updated weekly, if not daily.
- Encrypting data transmission. Require encryption of all data transmissions, and avoid using Wi-Fi networks as they may allow the interception of data.
- Ensuring password protection. Implement multifactor authentication, require use of regularly changed, robust passwords, and require re-logon after a period of inactivity.
- Restricting data access. Data access should only be allowed to employees on a need-to-know basis (i.e., based on their job role and needs).
- Educating your employees. Offer annual training on how to recognize phishing scams, and what their responsibilities are regarding customer data.
- Implementing a BYOD policy. Protect data on all mobile devices with encryption, and utilize software that allows you to remotely wipe data from a lost or stolen device. Train employees to never leave laptops, tablets, and phones unattended.
- Securing your POS system. Any device that is connected to the internet is vulnerable. Sophisticated point-of-sale attacks are a growing threat. Make sure your POS system is protected by the same encryption and antivirus software as other devices in your business.
- Policing third party access. Establish a clear set of policies to ensure that your business partners maintain the same level of security as you do. Only grant them access to relevant files and folders.
- Keeping only what you need. Scale down the amount of information you collect from customers, keep only what is necessary, and minimize the number of places you store it.
- Destroying it before you dispose of it. Cross-cut shred paper files, CDs, DVDs and other portable media before throwing them away. When disposing of hard drives, use software designed to permanently wipe the drive, or physically destroy it.
How to Market Your Security Measures
Once you know the risks and have done all you can to protect data against them, it’s time to turn your focus to marketing. You see, data security is more than a matter of risk management — it’s also a way to reassure your customers that the trust they’ve placed in your business is justified. With data breaches affecting giant corporations like Target and Home Depot, consumers are well versed in what can go wrong when simply swiping a payment card through a reader. You can take advantage of this knowledge and set your business apart from competitors by building a solid reputation for strong data security practices.
Although 80% of customers are more likely to purchase from businesses that they believe are protective of their personal information, marketing to them in a way they will actually absorb can be tricky. With most consumers barely glancing at privacy policies when purchasing products online, it’s necessary to display your security measures in as many places as possible. Include this information on the about page of your website, in pamphlets in-store, in your newsletter, and in advertising copy. Make sure they know that securing their private data is a top priority.
Cyber-criminals are getting smarter and human error is making it increasingly difficult for companies to keep up with the threats posed. However, by knowing how data breaches occur and how you can prevent them, and by advertising your efforts to your customers, you can protect yourself and establish a competitive edge at the same time. Two birds, one stone — that’s just smart business.