Almost two years ago, during the height of the holiday shopping frenzy, major retailer Target was hit with a security breach. Over 110 million customers were affected — 40 million accounts were hacked, giving the Internet bad guys access to account numbers and PIN numbers, and 70 million others had their personal information compromised. Other large companies that have also suffered major security breaches include Zappos, Michaels and the “cheating” website Ashley Madison.
Understandably, small business owners are concerned about these situations and want to do everything they can to prevent them from happening. Fortunately, there are steps you can take to create a strong security infrastructure for your business that will greatly reduce the chances of a security breach taking place. For example, consider the following tips:
When you use your company credit or debit card to withdraw money from your business account or purchase supplies, you might be in danger of falling victim to “skimming.” As LifeLock explains, skimmers are small electronic devices that fit over the card slot of an ATM or a handheld credit card device and collect your credit card number and information. To prevent this from happening, make sure your credit or debit card is always in sight and closely monitor your bank statements. If you are treating a potential new client to lunch, do not let the server walk away with your card, and if you are in a store buying copy paper, follow the cashier if he or she takes your card to another register.
Be Careful What Data You Collect from Customers.
Scammers will not impact your business if you don’t have the information they are looking for. Collect only the most vital data from your customers, and make sure that only a small group of trusted employees can access it. Keep client data only as long as you need it and destroy it as soon as you can.
Make Sure Your Website is Secure.
If you do any business over the Internet, make sure your company website requires customers to set up an account with a complex password to help protect their sensitive data. Make sure people are locked out of an account after a certain number of incorrect password attempts, and if you keep a large amount of sensitive data on file, consider two-factor authentication for people to access their accounts.
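The lockout rule described above can be sketched as follows. This is an added example, not code from the original article; the class name, the threshold of five failures and the 15-minute window and lock duration are assumptions chosen for illustration.

```python
from dataclasses import dataclass, field

# Assumed policy values; the article only says "a certain number" of attempts.
MAX_FAILURES = 5            # wrong passwords allowed before the account locks
WINDOW_SECONDS = 15 * 60    # failures older than this no longer count
LOCKOUT_SECONDS = 15 * 60   # how long a locked account stays locked

@dataclass
class AccountState:
    failures: list = field(default_factory=list)  # timestamps of recent failures
    locked_until: float = 0.0

class LoginThrottle:
    """Hypothetical helper that tracks failed logins per account name."""

    def __init__(self):
        self._accounts = {}

    def attempt(self, username, password_ok, now):
        """Return 'ok', 'denied' or 'locked' for one login attempt at time `now`."""
        state = self._accounts.setdefault(username.lower(), AccountState())
        # While locked, reject before looking at the password, so a locked
        # account cannot be used to keep testing guesses.
        if now < state.locked_until:
            return "locked"
        if password_ok:
            state.failures.clear()
            return "ok"
        # Drop failures that fell out of the window, then record this one.
        state.failures = [t for t in state.failures if now - t < WINDOW_SECONDS]
        state.failures.append(now)
        if len(state.failures) >= MAX_FAILURES:
            state.locked_until = now + LOCKOUT_SECONDS
            state.failures.clear()
            return "locked"
        return "denied"

def demo():
    """Constructed sequence: five wrong guesses, then the right password twice."""
    throttle = LoginThrottle()
    results = [throttle.attempt("alice", False, t) for t in range(0, 50, 10)]
    results.append(throttle.attempt("alice", True, 60))                    # still locked
    results.append(throttle.attempt("alice", True, 40 + LOCKOUT_SECONDS))  # lock expired
    return results

if __name__ == "__main__":
    print(demo())
```

In a real site the state would live in the user database rather than in memory, and the password check itself would compare against a salted hash.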
Have a Disaster Plan in Place.
You don’t want to wait until hackers have stolen your data to decide what to do. If the worst happens and a data leak takes place, the first step is to determine which server has been hit. Once you figure this out, make a disk image of the server to preserve it in a “read-only” state. Next, report the breach to local authorities, including your local police department — many cities have data breach task forces in place — as well as the three major credit bureaus. You should also report the incident to the Federal Trade Commission; they are as interested in breaches of small businesses as they are in those of giant retailers. Once the problem has been identified and resolved, try to hack into your own system and check server logs to double-check the security fixes.