The Impact of Data BreachesFrom the time that the very first computer virus, called The Creeper, was discovered in the early 1970s, attacks have increased in severity and scope. The largest data breach of all time occurred at Yahoo!, when the information for 3 billion customers was leaked. While it might seem like cybercriminals are only targeting large companies, that isn’t the case. Many will target small and mid-sized businesses that have fewer protections in place. If you think that you do not need to safeguard your customers’ personal information because you are too small to be targeted, think again.
5 Ways to Safeguard Your Customers’ Personal Information
- Limit Access: Does everyone in your business need to have access to customer information? The answer is almost certainly “no!” The fewer the people that have access to customer information, the lower the chances are that customer information will be compromised. Many leaks are due to phishing, and if all of your employees have the password to payment processing information instead of only a select few, the chances that someone will take the bait are significantly higher.
- Only Take What You Need: Do you really need all of the personal information that you collect over the course of the average transaction? When you hold on to unnecessary customer data, you are wasting your resources and energy, and also offering a wider variety of things for cyber criminals to Stop gathering information that is not essential for your business needs.
- Destroy Data as Soon as You Can: When you don’t need customer data anymore, you should destroy it as quickly as possible. Trying to safeguard your customers’ personal information should not only occur when they are your active customer, but also after their records have expired and you no longer need them. Work with a data destruction company to ensure that all digital and paper files are properly destroyed. Also make sure that your old computers, tablets, copiers, etc. are disposed of properly. There are plenty of companies specialized in processing these devices that is both keeping any remaining data from falling into the wrong hands and recycling the materials in an environmentally friendly fashion.
- Make It a Group Effort: Even if most of your employees have very limited access to sensitive customer information, all of your employees should be well aware of what practices are in place to safeguard your customers’ personal information. What should an employee do if they suspect a leak? Should they notify your IT staff if a phishing email is received? Make sure that all procedures are well-known and go above and beyond to train your employees in how they should respond. It also helps to ensure that employees understand why the commitment to safeguard your customers’ personal information is so important to your business, your customers and your employees.
- Plan Ahead: Finally, as noted above, you should have a plan in place to respond to all suspected and detected security breaches. At a minimum, your plan should involve immediately disconnecting the affected computer from your network. If a vulnerability is discovered, move to close it off as rapidly as possible. You should also determine who must be notified in the aftermath of the breach. Depending on the severity, you may need to notify law enforcement, affected customers, credit bureaus and vendors who could have also been affected.