Do you think your business is immune from a data breach? You might not want to hear it, but your business is just as vulnerable as any major company that had a data breach in 2017 (think Chipotle, K-Mart, Equifax, Whole Foods, HBO). In fact, 90% of data breaches impact small businesses.
Here are eight basic tips for protecting your business from a data breach:
1. Protect your network
The most important thing you can do to protect your business is to require a password to gain access to your Wi-Fi network. Your network should also be reinforced with reputable software for virus, malware and ransomware protection. Be sure to run an antivirus scan after each update.
2. Review your current cyber security policy
It is crucial to evaluate your current cyber security policy before it’s too late. Make sure you have procedures in place if you notice suspicious online activity. The cost of a cyber security consultation is nothing compared to the ramifications of a data breach.
3. Go over security protocols with your employees + limit access
Your employees should be trained to know what a suspicious email or webpage looks like, and what to do if they notice suspicious online activity. You should also be cognizant of which employees receive access to sensitive information. If your employees use their own computers at work, make sure a procedure is in place to clear all company data from those computers if they leave the company.
4. Be smart about your passwords
Hackers were able to break into Equifax’s systems because they were able to guess the username and password, which were “admin” and “admin” respectively. Make it a habit not only to have a strong password, but also to change your password every couple of months. You can also use a security key that plugs into your USB port and generates a new password for one-time use.
TIP: Strong passwords are composed of upper/lowercase letters, numbers, and special characters that do not make an easily guessed word. The most crucial part of a strong password is using an obscure word. Your network administrator can enforce this policy.
5. Upgrade to an EMV chip reader
Implementing an EMV chip reader is the safest way to accept credit cards at your business. By adding a chip reader, you are able to protect against counterfeit cards by verifying the cardholder’s identity. This is done through the process of tokenization, where a customer’s credit card data is removed from a company’s internal networks and replaced with a unique, generated “token”. Merchants use only the token to retrieve, access, or maintain their customers’ credit card information. Meanwhile, their customers’ real card data is stored at a highly secure, offsite location. However, if you have a bad terminal, EMV is still a risk.
6. Develop a data breach response plan
No one wants to think about the possibility of being the victim of a data breach. However, being unprepared can lead to major ramifications for your business, especially if you store your customers’ personal data. Without a proper plan in place, data breaches at businesses can result in lost sales, reputation damage and fines from data protection authorities, along with other expenses such as security consultants, lawyers’ fees and security improvements. Make sure to notify your insurance provider and customers, change passwords, and always back up your data.
7. Get Cyber Liability Insurance
As mentioned above, the cost of a data breach to your business can be substantial. Cyber liability insurance covers a business’s liability for a data breach in which its customers’ personal information is exposed or stolen. Don’t be that business owner who knows the risk of data breaches, but still refuses to get the protection their business needs.
8. Ensure PCI Compliance
PCI compliance means meeting the minimum security standards developed to ensure that all companies that accept, process, store, or transmit credit card data maintain a secure environment. If your business intends to accept credit cards, it MUST be PCI compliant. Even if you’re using a third-party payment processor to store data, you’re ultimately liable for your company’s compliance.
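For readers who want to see the tokenization described in tip 5 in concrete terms, here is an added example (not part of the original article or any payment processor's code). The names TokenVault, save_card and find_card_numbers are hypothetical, and the in-memory vault stands in for the processor's offsite storage; the audit function shows how to check that merchant records hold tokens only and no full card numbers.

```python
import re
import secrets
import string

def luhn_ok(digits):
    """Checksum that every real card number satisfies."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * (2 if i % 2 else 1)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

class TokenVault:
    """Hypothetical stand-in for the processor's offsite vault (in memory here)."""
    def __init__(self):
        self._pan_by_token = {}
        self._token_by_pan = {}

    def tokenize(self, card_number):
        pan = re.sub(r"[ -]", "", card_number)
        if not (re.fullmatch(r"[0-9]{13,19}", pan) and luhn_ok(pan)):
            raise ValueError("not a valid card number")
        if pan not in self._token_by_pan:
            # Random letters only: no relation to the card number, nothing to reverse.
            token = "tok_" + "".join(secrets.choice(string.ascii_letters) for _ in range(24))
            self._token_by_pan[pan] = token
            self._pan_by_token[token] = pan
        return self._token_by_pan[pan]

    def charge(self, token, cents):
        pan = self._pan_by_token[token]  # KeyError for a token the vault never issued
        return {"approved": True, "last4": pan[-4:], "amount_cents": cents}

def save_card(merchant_db, vault, customer_id, card_number):
    """Merchant side: keep the token and last four digits, never the full number."""
    token = vault.tokenize(card_number)
    merchant_db[customer_id] = {"token": token, "last4": re.sub(r"\D", "", card_number)[-4:]}
    return token

def find_card_numbers(records):
    """Audit check: return any Luhn-valid 13-19 digit run found in stored records."""
    hits = []
    for record in records:
        for run in re.findall(r"\d{13,19}", re.sub(r"[ -]", "", str(record))):
            if luhn_ok(run):
                hits.append(run)
    return hits

TEST_CARD = "4111 1111 1111 1111"  # constructed: a standard test number, not a real card
```

Running find_card_numbers over exports of your own customer records is a quick way to confirm that nothing but tokens and last-four digits is being kept on your side.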
Special thanks to guest contributor Dave Herrera, Digital Solutions, Inc.