By now, everyone has heard about how Facebook, the largest social media network, was the vehicle for Cambridge Analytica to gather targeted information about more than 50 million Facebook users. The true impact of this scandal is difficult to measure, but it has definitely raised public awareness of the potential cost of data breaches.
Many businesses have been held financially accountable by courts for the cost of data loss that harms customers. Businesses have a responsibility to protect a customer’s information just as carefully as they protect their own trade secrets.
Not sure how to start with keeping data safe and secure from breach? This will get you started.
What data does a company keep?
The first question each company needs to ask itself is what data does it keep – and why? If you run a small online store, you may want to let customers store their credit card numbers to make their next purchase easier.
But once you collect and store that data, you are responsible for keeping it safe. When companies decide instead not to maintain the data – or to outsource the storage to a third-party company, like PayPal – they can protect themselves from liability.
Businesses also need to consider data that is relevant to business operations. Items like business plans and HR databases also need to be protected. In terms of the information businesses maintain for their own use, it’s a good idea to start with an audit. Again, determine which information is necessary to keep. Then, decide what information is confidential – and how to protect it.
Who has access to data?
One important step to protect data is to limit who can access it. No one but Human Resources should be able to access personnel information. There’s no reason for anyone outside billing to have access to payment information. Only customer support and management teams should be able to review client data.
Particularly in small businesses, where there are only a few employees, and there may not be a full-time IT staff, it can seem simplest to just tell employees not to access anything that isn’t relevant to their job. This is very risky, however; more than one employee has stolen information on their way out of a job with the intention of selling business information to a competitor, for example.
Can an outside company protect data better?
One real question businesses need to ask themselves is whether or not they have adequate resources to protect the information they collect. Small businesses that have just a handful of computers on a LAN may not need a full-time IT person to keep things up and running, but it can take someone with special training in internet security to keep important data protected from those who want to steal it. With the growing availability of online services, there are more and more companies that will protect your data in the cloud.
Most of these companies will charge a monthly or yearly fee with scaling costs depending on your needs. This may be much more cost-effective for smaller businesses than maintaining an IT team.
Do employees understand the importance of data protection?
We often think of hacking the way it’s shown on TV: nerdy characters clacking furiously at keyboards, trying desperately to thwart an attempted hack. In real life, hacking basically never looks like this.
A data breach is rarely sophisticated. Take the example of Cambridge Analytica: the company created entertaining quizzes and games and got people to give them permission to access their data. Most consumers never even considered what they were offering up to find out what flavor of sandwich they were.
Phishing emails and fake email attachments have been hackers’ best friends for nearly a decade, and they continue to work. Banner ads and other popups online can also have embedded malicious code. Companies can make huge strides in preventing data breaches by simply impressing on their staff the importance of avoiding these vulnerabilities.
Don’t open an attachment you don’t recognize, don’t reset your password because an email tells you to, and avoid non-business related websites when you’re at work. Make sure employees understand that these are the primary tools that hackers use to breach data, and that when this happens, the entire company can be put at risk.
This, and keeping antivirus software up to date, can take a small company much of the way towards protecting its information.
Your business may not be the next Cambridge Analytica target, but data theft is becoming more common with each passing year. Protect your company and your customers’ data by implementing these easy steps. Your reputation and your financial health will benefit.