Cyber Crime: How to keep customer data safe
Cyber crime is a serious concern for business owners in this modern digital age. Hackers are good. Really good. So how do you stay one step ahead?
Recently IBM Chair, CEO, and President, Ginni Rometty, called it “the greatest threat to every company in the world”. According to Juniper Research, by 2019 cyber crime will cost businesses a staggering $2 trillion. $2 trillion – WOW.
Personally, we think it is impossible to put a dollar value on what your customer data is worth – or the cost to your business should sensitive data be compromised by theft or loss. It is not just the financial impact – but brand reputation, damage control, employee retention, loss of clients – just to name a few of the consequences. For many small companies, a security breach could simply mean the end of the business.
If you don’t already have a data security plan in place, these tips will help you take steps to prevent a devastating loss or to handle damage control should you be faced with a data breach.
Protect your company’s information assets
Given what’s at stake, every company should prepare a data security plan that identifies its digital assets – that is, hardware that stores private customer and employee information. Your plan should also outline potential threats to those information assets, and strategies to protect them.
Your information assets may include:
- computers
- tablets
- mobile phones
- servers
- USB keys
- employee devices used for work
In addition to taking stock of the information assets, your security plan should outline your strategy for protecting data by asset, prioritised by severity of loss in a security breach.
This free cybersecurity self-assessment can help you determine the strength of your internal cybersecurity processes – a useful starting point to develop your company’s security plan.
Move to cloud-based storage
Storing company data in the cloud is one way to minimise the risk of customer data loss by keeping sensitive information off devices.
Cloud storage providers offer secured data centres, encryption, and authentication for your company data, as well as trained professionals working around the clock to keep your data safe from cyber attack.
Another benefit to cloud-based storage is that employees can log in securely to access customer information – a much safer option than transferring data over email or downloading to computers, laptops, or mobile devices.
With cloud-based storage, you still need a policy covering how the program is used and what password security is required, and you need to monitor who has access to log in to these programs.
Set rules for company devices
Many small businesses rely on tablets and mobile phones to conduct day-to-day operations. Unfortunately, these company devices pose a serious threat to customer data if they are lost, damaged, or stolen.
Protect customer data with encryption, and be sure to install tracking software, update anti-virus protection regularly, and wipe data remotely from lost or stolen devices.
Talk to your employees about the importance of keeping customer data private and secure, and consider implementing these security guidelines:
- All employee passwords should be unique, difficult to guess, and reset frequently (we love LastPass for our internal password management program).
- Files should not be downloaded from the cloud to company devices, nor should apps that may carry malicious code or security flaws.
- Personal devices should not be used for work.
- Employees should get into the habit of logging out of apps and programs on portable devices, so that if those devices are lost, a full login is required to access any data.
Limit customer data access
Ensure that only employees who need access to customer data to perform their jobs have it, and that they always access the required programs with their own login.
Sharing user names and passwords – well, you may as well just write the details on a sticky note and stick it to the corner of your computer for all to see (*sarcasm here…please don’t do this!).
Take advantage of software settings that “lock” customer data by user, and disable access rights whenever employees retire or move on to a job at another company.
Most accounting software providers enable you to review who is logging in and how frequently, and this audit trail should be checked regularly for any kind of abnormal behaviour.
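One way to run the audit-trail review described above, as an added example that is not part of the original article: it assumes your software can export login events as CSV with the hypothetical columns `timestamp`, `username` and `device`, and that you keep your own list of offboarded usernames. The working hours and the 30-minute window are assumed policy values, and the sample export is constructed.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample export; the column names are assumptions, not a real product's format.
SAMPLE_EXPORT = """timestamp,username,device
2024-03-04T09:02:00,alice,laptop-01
2024-03-04T09:10:00,bob,laptop-02
2024-03-04T09:20:00,alice,tablet-07
2024-03-04T23:41:00,bob,laptop-02
2024-03-05T10:15:00,carol,laptop-03
"""
OFFBOARDED = {"carol"}            # accounts that should already be disabled
WORK_HOURS = range(7, 20)         # 07:00-19:59 counts as normal (assumed policy)
SHARE_WINDOW = timedelta(minutes=30)


def review_audit_trail(export_text, offboarded=OFFBOARDED):
    """Return a sorted list of (username, reason) findings from a CSV login export."""
    findings = set()
    last_seen = defaultdict(dict)  # username -> {device: last login time}
    rows = sorted(csv.DictReader(io.StringIO(export_text)), key=lambda r: r["timestamp"])
    for row in rows:
        user, device = row["username"].strip().lower(), row["device"].strip()
        when = datetime.fromisoformat(row["timestamp"])
        if user in offboarded:
            findings.add((user, "login by offboarded account"))
        if when.hour not in WORK_HOURS:
            findings.add((user, "login outside working hours"))
        # The same login on a second device within a short window suggests
        # shared credentials (or a stolen password).
        for other_device, seen in last_seen[user].items():
            if other_device != device and when - seen <= SHARE_WINDOW:
                findings.add((user, "same login on multiple devices"))
        last_seen[user][device] = when
    return sorted(findings)


if __name__ == "__main__":
    for user, reason in review_audit_trail(SAMPLE_EXPORT):
        print(f"{user}: {reason}")
```

Each finding is a prompt to ask the account owner what happened, not proof of misuse; adjust the hours and window to match how your team actually works.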