10 Easy Steps to Protect Your Customer’s Data
In 2019, 47% of breach victims were small businesses. This should raise a few eyebrows because there is an assumption that larger businesses are the number one target of hackers, but that is far from reality. 52% of these breaches featured hacking, 28% involved malware, and 32% involved phishing or social media engineered attacks.
How does one defend one’s customers and business in the age of the internet? Trust means just as much, if not more, than it did back when mom-and-pop stores and one-on-one interaction were all that we had. You can lose your customers’ trust very easily if their private info gets stolen or leaked, even if it’s another company that made the mistake. Not only is there a loss of trust, but a monetary loss as well. Your intellectual property and reputation are worth so much that any breach could result in declining income and profits. So today, we’re going to go over some best practices you can adopt to make sure your customers’ private info is safe and secure.
Step Number 1
The first step is the simplest: make sure your anti-virus software is always up to date. Furthermore, when a company releases a patch or update for your software or operating system, it’s usually because they’ve patched a vulnerability. Do not use outdated software if your computer is connected to the internet, period.
Step Number 2
Collect only what is needed. Having profuse and superfluous amounts of information (depending on the type of business you’re conducting) isn’t always the best idea. Less information means that there’s less to steal, which makes you and your databases less of a prime target for hacking. If you only need a name, email, and bank info to conduct your business, then only store that data. Furthermore, delete early and often. Keeping information around that doesn’t benefit you can only hurt you and your company.
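As an added illustration (not part of the original article), the sketch below applies both halves of this step: an intake allow-list limited to the name, email and bank info fields mentioned above, and a purge of records that have gone stale. The table layout, the function names and the 365-day retention window are assumptions made for the example.

```python
import sqlite3
from datetime import datetime, timedelta, timezone

# The page's own example of the only fields a business needs.
ALLOWED_FIELDS = ("name", "email", "bank_info")
# Assumption: a 365-day retention window; the page gives no figure.
RETENTION = timedelta(days=365)


def open_store():
    """Create the customer table with no columns beyond the allow-list."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE customers (name TEXT, email TEXT, bank_info TEXT, "
        "last_active INTEGER NOT NULL)"
    )
    return db


def store_customer(db, submitted, last_active):
    """Store only allow-listed fields; return the names of fields discarded."""
    dropped = sorted(k for k in submitted if k not in ALLOWED_FIELDS)
    row = [submitted.get(f) for f in ALLOWED_FIELDS]
    row.append(int(last_active.timestamp()))
    db.execute("INSERT INTO customers VALUES (?, ?, ?, ?)", row)
    return dropped


def purge_stale(db, now):
    """Delete customers inactive longer than RETENTION; return rows removed."""
    cutoff = int((now - RETENTION).timestamp())
    removed = db.execute(
        "DELETE FROM customers WHERE last_active < ?", (cutoff,)
    ).rowcount
    db.commit()
    return removed


if __name__ == "__main__":
    now = datetime(2024, 6, 1, tzinfo=timezone.utc)  # constructed clock
    db = open_store()
    # Constructed submissions; the second carries a field the business never needs.
    store_customer(db, {"name": "A. Lee", "email": "a@example.com",
                        "bank_info": "ACCT-PLACEHOLDER-1"}, now - timedelta(days=30))
    extra = store_customer(db, {"name": "B. Roy", "email": "b@example.com",
                                "bank_info": "ACCT-PLACEHOLDER-2",
                                "date_of_birth": "1990-01-01"},
                           now - timedelta(days=800))
    print("discarded at intake:", extra, "| purged:", purge_stale(db, now))
```

Running the purge on a schedule, rather than by hand, is what turns "delete early and often" into a habit.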
Step Number 3
Follow the “least privilege” guidelines. “Least privilege” means the fewest people within your company have access to the least data for the least time. Any unnecessary or unauthorized access should be completely shut down, and the passwords to your various databases should not be accessible except by upper-level employees or managers. This ensures that need-to-know info is kept safe from everyone except those who require access. Less access means fewer mistakes, and the benefits far outweigh the negatives.
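The three "leasts" above (people, data, time) can be checked mechanically against a list of access grants. The audit below is an added example, not something from the original article; the role names, dataset names, users and dates are all constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timezone

# Hypothetical mapping of job role to the datasets that role needs.
ROLE_NEEDS = {
    "support": {"contact_details"},
    "billing": {"contact_details", "bank_info"},
}

NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)  # constructed audit date
# Constructed grants: (user, role, dataset, expiry or None).
SAMPLE_GRANTS = [
    ("dana", "billing", "bank_info", datetime(2024, 7, 1, tzinfo=timezone.utc)),
    ("eli", "support", "bank_info", datetime(2024, 7, 1, tzinfo=timezone.utc)),
    ("fay", "billing", "contact_details", None),
    ("gus", "support", "contact_details", datetime(2024, 1, 1, tzinfo=timezone.utc)),
]


def audit_grants(grants, now):
    """Check every grant against the three 'leasts': people, data, time.

    Returns (findings, holders): findings lists grants to revoke or fix,
    holders lists who can reach each dataset so the head count can be reviewed.
    """
    findings = []
    holders = defaultdict(set)
    for user, role, dataset, expires in grants:
        holders[dataset].add(user)  # people: who holds access at all
        if dataset not in ROLE_NEEDS.get(role, set()):
            findings.append((user, dataset, "data: not needed for role"))
        if expires is None:
            findings.append((user, dataset, "time: no expiry set"))
        elif expires <= now:
            findings.append((user, dataset, "time: expired, revoke"))
    return findings, {d: sorted(u) for d, u in holders.items()}


if __name__ == "__main__":
    findings, holders = audit_grants(SAMPLE_GRANTS, NOW)
    for user, dataset, reason in findings:
        print(f"{user:5} {dataset:16} {reason}")
    for dataset, users in holders.items():
        print(f"{dataset}: {len(users)} holder(s): {', '.join(users)}")
```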
Step Number 4
Use pop-up blockers. Adblock works well for blocking pop-ups, and Google Chrome has built-in pop-up blocking features, as do most internet browsers. This immediately cuts out a large swath of potential spyware and malware that could infect your machines and makes browsing the internet more pleasant in general.
Step Number 5
Use caution when installing apps/software from the internet. Unless the software has been tested offsite or comes highly recommended from a trusted source, always use first-party sites and software. Also remember that when the product is free, you are the product. Lots of programs have built-in reporting functions worked into the fine print. You never want to use something that could be reporting or recording information from your work machines.
Step Number 6
Confirm updates and software with your IT department. Before downloading something new onto a work machine, consult with your in-house professionals. Inexperienced interns and even higher-level managers could potentially infect an entire system and cause breaches in security by attempting to download what they believe to be an amazing work tool. It never hurts to pop in and ask a question before making alterations to your work computer.
Step Number 7
Be careful when connecting to public Wi-Fi, and advise your staff to avoid the practice altogether. One of the main ways you could become compromised by connecting to public Wi-Fi is “malicious attacks through ad hocs. Ad hocs are peer-to-peer networks that connect two computers directly. When remote workers use a public Wi-Fi network, their devices are likely to be set to discover new networks, making it possible for hackers to connect directly to them.” Source
Check out this article to see other risks involved in connecting to public Wi-Fi. In public, privacy shouldn’t be assumed.
Step Number 8
Back up your data and make sure those backups aren’t always connected to your main network. Be sure to have offline backups that are properly air-gapped from production systems and networks. You can copy your computer files to an external hard drive or cloud storage. Back up the data on your phone, too. This will allow you to recover to an earlier point if your computer or phone becomes infected. It’s advised to back up your devices monthly, if not more often, to make sure you don’t lose too much if you’re forced to time-machine or recover (depending on your operating system).
Step Number 9
Make sure to change compromised passwords right away, and don’t use them for any other accounts. If you think that you’ve been hacked, don’t delay in changing the passwords for all of your accounts and have your team members do the same. A good rule of thumb is to not use the same or even similar passwords for multiple accounts. If you do, those accounts will also be open to attack if one is compromised. Creating passwords is important, and a password manager might be something your company needs if it’s using a decent number of programs and databases. Here’s a list of good password managers.
If you’re a Mac user, Safari manages passwords wonderfully and also generates complex and practically unhackable passwords.
Step Number 10
Finally, make customer privacy everyone’s top priority. The goal of every business is to provide a service and make money, but part of that goal is also customer satisfaction. If a customer is satisfied, they’ll be more likely to recommend your company, and keeping their information secure is usually second only to receiving the offered service in a prompt and timely manner. Make sure that you regularly talk to your employees about customer privacy, and create a culture that values safe practices.
We hope this list will help your company succeed in the months and years to come. With everything being moved even more online, it’s important to adopt some of these best practices early so that you don’t succumb to the inevitable increase in online attacks. Follow these steps, and you’ll be well on your way to protecting and securing your information.