Unlike in the past when data thieves only targeted large organizations, today all types of businesses are at risk. These days, your average nail salon is just as vulnerable as the multinational corporation down the street. The truth is that if you accept credit cards, you are automatically a target. And being a small business does not make you any less prone to attack; it actually makes you an enticing and easy target.
Small business owners are less likely to think of data security, and data thieves know this. This is in stark contrast to large corporations that have the know-how and resources to secure their data. Fortunately, preventing a data breach is not difficult. Here are tips on how to do so.
1) Vet Your Employees
Most data breaches are inside jobs. Although some employees are directly involved in compromising data protection, such cases are few in number. In the majority of cases, employees are unintentional participants in the breach: they can lose a mobile device containing sensitive data or be the unwitting victims of a phishing attack.
According to Michael Kaiser of the National Cyber Security Alliance, entrepreneurs should limit access to sensitive data. Access must be granted only on a need-to-know basis. Stuart T. O’Neil of Burns White LLC law firm recommends performing criminal background checks on potential employees. You never know who you might be hiring.
2) Improve Physical Security
How and where you store your data is crucial to its security. For storing paper records, Rob Reynolds of the locksmith group Pop-A-Lock recommends a fireproof filing cabinet that is bolted to the floor. Anchoring the cabinet prevents thieves from carrying it away. If your point-of-sale has a credit card reader that works with a tablet computer, do not leave either of them lying around.
An enterprising thief posing as a customer can yank the tablet out and make off with it. To prevent this from happening, anchor it to the counter with bolts if possible. Next, secure the storage location and point-of-sale with security cameras. Finally, install electric doors that you can lock or unlock with remote buzzers. The last thing you want to do is leave a door unlocked if you work late into the night.
3) Use Secure Computers
If you use your computer to store client data, make an effort to secure it. Lance Spitzner of SANS Securing The Human offers advice on how to go about it. First, take control of the admin account to prevent employees from installing software without your approval. They should only use standard user accounts.
Second, Spitzner recommends updating your operating system and anti-virus (AV) software. Third, use strong passwords (with two-step verification where possible). Also, never use default passwords or ones that are easy to guess, such as your name, that of your business, or a birthday.
4) Keep Credit Card Data Safe
To keep unauthorized persons from accessing credit card data, never take the responsibility of storing it upon yourself. If you do store it, Spitzner says you must hire a security expert in order to comply with the strict industry standards on credit card data security. Instead, he advises outsourcing all credit card handling to a specialist company. Spitzner offers the same advice if you handle online payments and bookings. Outsource such services as well to ensure data protection.
As incidents of cybercrime increase, implementing safeguards to keep data safe is now a priority for any business. And it does not have to be difficult. Simple things like limiting which employees handle sensitive client data and doing a criminal background check on potential hires are good places to start.
So is improving the security of your business premises, computer networks, and credit card data. But if a security breach occurs, seek professional help to reduce the damage, and inform the affected clients and law enforcement.