By John Harris
Data breaches increased 40 percent in 2016, hitting a record high, according to Identity Theft Resource Center and CyberScout. Our increasingly mobile way of conducting business has opened the floodgates for potential security risks, making it more critical than ever for small businesses to be proactive in protecting consumer data.
Security breaches jeopardizing consumer data at large companies, such as Target and Home Depot, may make headlines, but cyber attacks on small businesses are no less devastating to business owners and their customers. In fact, small businesses may be more vulnerable to attacks because small business owners potentially haven’t thought about cybersecurity as seriously as larger companies have. That’s a problem, because 43 percent of cyber attacks target small businesses, per Symantec. The good news is that, in addition to large corporations, smaller companies have access to a full cybersecurity arsenal—from hardware to software—to protect customer data, and not all of them require a large company’s budget.
In light of National Consumer Protection Week (March 5-11), here are 7 steps you can take to protect your customers’ data:
- Educate your team. Your people are on the frontline of protecting your company and your customers. Teach your employees why it’s important to safeguard sensitive data and passwords. Outline ground rules for online activities in your employee manual and continually train your people on proper procedures. Educate your team on acceptable computer behavior and how to spot potential phishing attacks. Then, go one step beyond and establish email guidelines with your customers so they know what information you will or will not request.
- Use strong authentication protocols. Fortify your online accounts by requiring more than just a password to gain entry. Consider implementing multifactor authentication that requires one or more additional steps, such as a one-time code sent via text message. Additionally, set up a guest Wi-Fi account for visitors so they can’t access your internal files and you can control what content they can access online. That keeps your Wi-Fi password—and entire network—more secure.
- Set up a virtual private network (VPN). A VPN encrypts all the data your employees’ devices send and receive over a network. This creates a secure channel for your customers’ data, such as credit card information and passwords, and greatly decreases the risk of a cyber breach. Most businesses use a VPN to allow remote employees access to the office network or to connect several networks together across multiple offices.
- Use digital signatures. For safe online transactions and efficient document management, digital signatures are an essential tactic. They use encryption techniques to embed legal proof that a signed document is authentic and unaltered. They ensure your company and your customers can easily, securely and digitally sign documentation instantaneously from any device.
- Employ digital shredding. As transactions and data become digitized, so does the way such data is securely deleted. Secure digital shredding ensures the proper disposal of confidential data and makes it impossible to recover. And while it’s a good idea to offer secure digital shredding of documents, make sure clients first have a backup copy of any critical data. Digital shredding also helps establish a “paperless office” that is eco-friendly and saves money and space.
- Stay abreast of changes. Proactively research and be aware of new cyber threats as they evolve. Staying abreast of the latest news helps you know how to protect your company. The Federal Trade Commission is a helpful resource for businesses of any size on how to securely protect consumer data. Additionally, keep up with industry regulations as they are created or adapted, especially in highly regulated industries, to make sure your protocols and procedures are secure and compliant.
- Be transparent. When companies experience a breach in security or technology, there is a tendency to sweep things under the rug. But that’s the wrong way to go. If your business has a cybersecurity issue, communicate the problem in a timely manner—and how you’re going to deal with it—to both your employees and customers. Get in front of the issue to mitigate the potential fallout and ensure your customers that you are taking measured steps to protect their data.
The above measures are critical to any small business cybersecurity strategy. They will help you keep company and consumer data safe and reduce your risk of becoming a target and making headlines for the wrong reasons.
John Harris is the chief technology officer at SIGNiX, an electronic signature solutions provider that makes signing documents online safe, secure, and legal for any business. Learn more about what makes SIGNiX different at www.signix.com or on Twitter at @signixsolutions.