Data breach is the exposure of sensitive customer information due to hacking, theft or the accidental release of data. Business owners are expected to be custodians of customer information and are reasonably expected to protect their customers’ data. A data breach is impactful for all businesses, but it can be devastating for a small business without the resources of a larger corporation. In this four-part blog series, we share what business owners need to know to diminish the possibility of a data breach and its destructive impact if one is experienced.
Data breach is the exposure of customer information, and should not be confused with identity theft – which is when thieves target individuals to obtain credit card and financial information – or cyber liability, which refers to the individual targeting of businesses to steal their financial information via hacking.
Preventing data breach is equal parts common sense and technical knowledge. It’s important to take a balanced approach because neither avenue alone can address all issues. Consider these tips:
1. Remember that data breach isn’t only an electronic issue – simple theft, such as stealing a laptop or zip-drive with sensitive information on it, is a concern. Ensure that a data protection program is in place to protect against both electronic and non-electronic threats, so you can respond quickly and effectively in the event of a breach.
2. Ensure vendors only have the right amount of access. A vendor working on cooking equipment shouldn’t have access to a financial system, for instance. Monitor vendors when they’re on site as much as is reasonable.
3. Monitor internal systems and databases on a regular basis to ensure that there’s nothing suspicious going on. Data breach cases often go on for weeks or even months before someone notices, and the sooner you can put a stop to a data breach, the better.
4. Use secure passwords. Make sure any passwords on mobile devices are encrypted and strong. Read password security tips.
5. Update all computer systems to eliminate known vulnerabilities.
6. Being PCI compliant goes a long way toward preventing data breach. This means that a business is adhering to the requirements developed by the PCI Data Security Standards (PCI DSS) council. While it doesn’t completely eliminate the risk, it protects against easily avoidable threats.
7. Stay aware of changing techniques for possible data theft. Bluetooth skimmers, RAM scrapers and malware programs are three common methods that thieves use to take advantage of businesses on a regular basis, but crooks are coming up with new methods constantly. Knowledge of the enemy is important in any battle, and fighting to protect customer data is no different.
8. Educate employees. Keep them aware of the risk and exposure by communicating about the topic on a regular basis. An owner or manager can only do so much; the people in the day-to-day operations of the business also need to be aware of what to do and why to do it.
It’s important to simply think about what you could be doing to protect your customers. What are you potentially leaving open that could lead to a data breach of your customers’ sensitive information?
Excerpts were taken from the following sources. For more valuable information on data breach:
- Read this article, “Detecting and Fending Off Data Breach” published in the spring issue of Wisconsin Grocer (Wisconsin Grocer’s Association).
- Download this FREE whitepaper, “Protecting your Business: Mitigating Data Breach.”
- Data Breach Series: Top 3 Data Breach Myths (Part 1 of 4)