Anyone who followed news headlines in 2017 knows data breaches are a big problem in the modern retail and digital world. A study from IBM Security and the Ponemon Institute found that the global average cost suffered by companies who experienced data breaches in 2017 was $3.62 million. Response costs can include identifying and notifying affected customers, creating an incident response team, and paying regulatory fees.
The FCC fined AT&T a record $25 million in 2015 in response to a data breach affecting almost 300 thousand customers, and a piece of legislation recently introduced to the Senate in response to the 2017 Equifax breach could allow fines as high as $150 per affected customer (triggering a $1.5 billion fine for breaches as large as Equifax).
Of course, many companies don’t have quite as massive a consumer base as AT&T or Equifax, and consequently probably won’t be fined billions of dollars. But the real damage to your company from data breaches isn’t fines; it’s the long-term loss of trust your community feels toward your business.
Personal data is financially valuable, but it’s also emotionally loaded, and data breach victims can experience extended psychological fallout from having their information stolen. A recent Australian survey of data breach victims found that 8 percent are referred to mental health treatment programs as a result of personal information exposure, and at least half exhibit psychosomatic signs of stress, such as sleep loss.
You began your business to help people, not to harm them, so it’s essential that even small businesses work to protect their customer data. Here are a few of the best practices for data security:
Know Where Sensitive Data Lives, and Control Access To It
It’s a lot harder to control sensitive data when you’re not exactly sure where it is. Sensitive data such as payment details, home addresses, user profiles, and email addresses can easily get mixed up with less sensitive information during normal business activities. Put protocols in place to make sure that sensitive data is stored only in areas that your employees are fully aware of and where protection protocols can be applied.
Several security consultants advocate keeping sensitive paper files locked in one location. The digital equivalent of this might be maintaining a private (not cloud-based!) server with well-established, constantly updated security features and access limited to authorized employees.
Secure data storage also includes secure data destruction. If you decide that some customer data is no longer worth storing, be sure the erasure process is a little more secure than tossing papers in the trash, where they can easily be retrieved. Companies like Iron Mountain offer secure shredding services if you need to destroy a lot of paper documents or electronic media such as CDs at once.
Destroying virtual information can be particularly difficult–Techopedia has listed a few ways “deleted” information such as emails or hard drive files can still be recovered even if it seems gone. Do not assume deleting files preserves customer privacy–work with IT security professionals to find a more secure solution instead.
Secure Points of Sale and Encrypt Everything
Credit card information is easily one of the most common pieces of customer data collected by small businesses, which is why point of sale encryption is essential. Digital Check explains that the most widespread card encryption protocol, Triple DES, is virtually unbreakable–but that means hackers and scammers will try to sabotage your point of sale at other, unencrypted points, such as insecure cloud platforms, or through malware installed on cash register software.
Encryption of user data stored or transmitted in any other way is also key. Digital Guardian reports that passwords in the notorious Ashley Madison leak were revealed to the public after hackers realized that the company’s encryption technique was flawed. Invest in encryption solutions at every data exchange point in your company.
Create an Employee Culture of Data Awareness
Possibly the strongest protection your customers’ data can have is your employees’ awareness of its sensitivity and value. Company culture is an essential component of data security–a workplace that routinely emphasizes customer privacy will lead to generally more security-aware behavior among employees. Providing comprehensive training to all new employees on handling customer data is one way to create such an environment.
Another tool is a clear data policy–one that lays out guidelines for collecting, using, and storing data for all employees and provides avenues for seeking answers when they need help dealing with data issues. Workable offers a data protection policy template that can be customized to your company’s specific needs.
Protecting your customers’ data isn’t just good business; it’s the right thing to do. And if your customers know they can trust you to protect their identities in addition to delivering quality goods and services, your business and your community relationships will only get stronger.