January 23, 2014
Every business, regardless of size, is vulnerable to data breaches. Follow a few simple tips to lock down your data.
Personal identity theft affects millions of Americans every year. Business data breaches exact a double consequence: since companies safeguard their own data as well as consumer data, the fallout can be significant.
The Ponemon Institute estimates that in 2010, each breach cost $7.2 million. Recovering from a breach and preventing future ones costs time, money and consumer trust. This public relations disaster was evident when Target customers' credit and debit card data was compromised in late 2013. Even small companies can protect their data with a few common-sense steps.
Control Business Documents
A business doesn’t have to be the size of Target to be vulnerable to data breaches. One of the simplest steps any business can take to safeguard its data and that of its customers is to employ a document management program. Business owners should:
- Limit employee access and printing of confidential data to only those with a legitimate need to do so.
- Store documents in a secure location until the specific retention period is over.
- Hire a certified shredding company to dispose of expired documents.
- Shred sensitive documents immediately.
- Avoid collecting Social Security, driver’s license, or bank account numbers unless absolutely necessary.
- Store documents that you do not access regularly in a secure offsite facility. These documents may include payroll records, customer data, or employee records. Limit access to these records, because even old records can leave a door open for identity theft and fraud.
Protect Your Information
Also known as Web scraping, data scraping is the extraction of unstructured HTML data from a website. It becomes structured data when stored in a spreadsheet or database. Unfortunately, it is difficult to prevent this practice, because scrapers have the same access to your site as normal visitors. Wholesale IP address blocking may make it difficult for legitimate users to access the site, and it does not block data harvesters who use dynamic IP addresses. Even so, data scraping prevention is necessary to protect your information.
The most robust way to prevent Web scraping is to copyright your data and to add password protection to certain areas of your site. A simple way to tell if your site is being scraped is to plant unique dummy names or data in the site, which you can discover through an Internet search. This is similar to mapmakers inserting trap streets in their creations to prevent plagiarism.
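The dummy-data idea above can be made systematic by deriving a different dummy record for each page, so that a copy found elsewhere also shows which page was harvested. The following is an added example, not part of the original article; the secret key, the name lists, the page paths and the example.com addresses are all constructed assumptions.

```python
import hashlib
import hmac

# Assumption: a secret kept off the web server; it lets you re-derive every canary.
SECRET_KEY = b"constructed-example-key"

# Constructed name parts, chosen to be unusual so search hits are meaningful.
FIRST = ["Alder", "Brisa", "Corin", "Delma", "Edrik", "Fenna", "Galen", "Hesper"]
LAST = ["Quillfeather", "Marrowby", "Tessenholt", "Vandracott",
        "Oxleymere", "Brindlewick", "Caskerly", "Dunmorrow"]


def make_canary(page_id: str) -> dict:
    """Derive a dummy contact that is unique to one page of the site."""
    digest = hmac.new(SECRET_KEY, page_id.encode(), hashlib.sha256).digest()
    first = FIRST[digest[0] % len(FIRST)]
    last = LAST[digest[1] % len(LAST)]
    tag = digest[2:6].hex()  # 8 hex characters tie the record to this page
    return {
        "page": page_id,
        "name": f"{first} {last}",
        "email": f"{first.lower()}.{tag}@example.com",
    }


def find_canaries(text: str, canaries: list) -> list:
    """Return the pages whose planted e-mail address appears in `text`."""
    haystack = text.lower()
    return [c["page"] for c in canaries if c["email"] in haystack]


def demo() -> list:
    pages = ["/directory/a", "/directory/b", "/directory/c"]
    canaries = [make_canary(p) for p in pages]
    # Constructed sample: a third-party listing that copied page b's dummy record.
    copied = f"Contact {canaries[1]['name']} <{canaries[1]['email'].upper()}> today"
    return find_canaries(copied, canaries)


if __name__ == "__main__":
    print(demo())
```

Because each record is derived from the page path and the secret, no list of planted entries has to be stored; regenerate them whenever you want to check a suspect copy.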
Lock Down Computers
Computer storage and transfer of sensitive information is ubiquitous in businesses of every size, making protection of this data a critical goal. Be sure to attend to the basics, such as using robust password protection for computers, as well as files that contain any financial or customer information. Change these passwords at least once a quarter, and use a combination of upper and lower case letters, numbers, and special characters if possible.
Install firewall and virus protection software, and be sure to update it on a regular basis. Programs with automatic updates take the guesswork out of the process. Minimize the use of file sharing programs, which can leave your computer system open to hackers.
If you dispose of a computer, use a data wiping software program to remove all traces of information. Simply deleting a file does not remove the data from the hard drive. You may wish to hire a company that specializes in physically destroying the hard drive.
Protect Credit Card Information
If your business uses a merchant processing service for credit card transactions, you must comply with the Payment Card Industry Data Security Standard (PCI DSS). Merchants who are not in compliance are subject to significant fines and fees, as well as reimbursing fraud losses. It is an extremely risky practice to retain customer credit card information in non-PCI-compliant form. Do not load unencrypted information on any medium that can be stolen, such as a laptop, tablet, flash drive, CD/DVD, or external hard drive.
In addition to protecting customer credit card information, be sure to tightly control access to company credit cards and bank accounts. Each authorized employee, as well as management, should keep an eye on credit card statements. Setting up automatic alerts for these accounts can detect irregular or unauthorized activity when it occurs. These alerts can be sent via e-mail, text message, or through the account’s online access.
Businesses run on information, whether it is customer contact, bank, or credit card data from a sale or the company’s own internal information. Your customers and employees rely on you to safeguard their information. The increasing regulatory demands on businesses place their data in a vulnerable position, and it is essential for every company to take positive and ongoing steps to protect it. Keeping control over all data, whether in hard copy or electronic form, helps preserve money, time, and customer trust.
Peter Davidson works as a senior business associate helping brands and start-ups to make efficient business decisions and plan proper business strategies. He is a big gadget freak who loves to share his views on the latest technologies and applications.