Product and service reviews are conducted independently by our editorial team, but we sometimes make money when you click on links. Learn more.

7 Security Practices to Protect Your Business's Sensitive Information

business.com editorial staff
business.com editorial staff

Information security can make or break your business.

  • Information security issues have a major impact on a business. Loss of revenue can result from remedying the problem and damage to your brand's image.
  • The average cost of a data breach as of 2020 is $150 per record.
  • Businesses are expected to remain proactive to prevent information security problems including routinely updating cybersecurity tools.

You don't need to look far to see the repercussions when a business fails to protect sensitive information. Equifax's recent data breach was a massive blow to its reputation and its stock.

Data breaches and fraud are problems for businesses of every size, affecting over 25% of businesses with an average fraud loss of $38,000. That's enough to push many small businesses into bankruptcy.

Types of security risks businesses face

According to the U.S. Government Accountability Office, more than 35,000 security incidents are reported annually to the Department of Homeland Security. The most common types of security incidents belong to email/phishing scams, device/computer hardware theft, and unauthorized users of the network.

Hackers are responsible for the majority of information security breaches. Cybercriminals look for ways to make monetary gain from businesses by using malware and phishing scams to collect sensitive data. The cost to remedy a data breach can be astronomical. Large companies who have to deal with major data breaches have paid out millions to specialists to become compliant once again. According to IBM Security, the average cost of a data breach in the United States is $150 per record.

To lower your risk and keep sensitive information safe, follow these essential security practices.

1. Only save what's necessary.

The more information you collect about your customers and employees, the more you need to protect them. Companies often save more information than necessary, and their customers are the ones who suffer if a data breach occurs.

To limit what hackers could steal, only save the information you absolutely need to run your business. Avoid collecting anything extra, and if you only need information temporarily, get rid of it properly after you've used it.

2. Keep an information inventory.

Laptops, smartphones, tablets and flash drives provide plenty of convenient ways to store and transfer information, but this also results in more opportunities for data to fall into the wrong hands. 

Keep track of what information you're storing, where you store it and who has access to it. Make sure this information inventory includes both electronic files and physical documents with sensitive information. 

3. Stay up to date with your cybersecurity. 

There are quite a few cybersecurity programs that can protect businesses of any size from malware and other threats. Look for a paid program that can secure your network and every device on it. The money you spend is well worth it, as a breach could cost you much more.

Once you have your cybersecurity program in place, install all updates immediately. The Equifax breach, which affected 143 million people, occurred because, apparently, the company failed to update Apache Struts, according to sources who spoke to Bloomberg.

4. Store physical documents securely.

Cyberattacks may be a more common threat, but lost or stolen documents can be just as bad. Whenever documents contain sensitive information, it's important to keep them safe from prying eyes.

Store documents in a locked file cabinet or room that only your most trusted employees can access. Dispose of documents by running them through a shredder. 

5. Pay for expenses with a business credit card.

For business expenses, the best and most secure payment method is a business credit card. Most will have zero-liability fraud protection, and if you need to dispute a transaction, you won't be out any money during that process. You can set sending limits on employee cards and receive immediate notification of any transaction via text alerts. 

Any payment method has its risks, but credit cards have the most safeguards and security features. Security isn't the only benefit of business credit cards, as they also provide detailed expense reports and the opportunity to maximize your travel rewards.

6. Set internal controls to guard against employee fraud. 

Regardless of how much you trust your employees, it's wise to use internal controls to limit your employee fraud risk. Otherwise, employees could misuse company funds or steal customer information.

Limit each employee's access to only the information they need for their job. Make sure your systems log what information each employee accesses. Set up segregation of duties to prevent any single employee from having too much responsibility. For example, instead of having one employee make purchases and go over expense reports, split those tasks among two employees. 

7. Plan your response to data breaches.

You always need to be prepared for a worst-case scenario. How you respond to security incidents can be the difference between a minor data loss and a costly breach. Your plan should include the following steps:

  • Close any holes immediately. Disconnect and shut down any compromised computers, and stop using any compromised programs.

  • Notify the appropriate parties. Depending on the information that was stolen, you may need to let customers and law enforcement know about it.

  • Investigate what happened. Conduct an internal review or hire an agency to find out what went wrong.

Giving your business maximum protection

Preventable security issues have brought down many small businesses. Although you can't eliminate the possibility of data breaches or fraud, with the right security practices, you can reduce their likelihood and minimize the damage if one occurs.

Image Credit: andrei_r / Getty Images
business.com editorial staff
business.com editorial staff
business.com Member
See business.com editorial staff's Profile
The purpose of our community is to connect small business owners with experienced industry experts who can address their questions, offer direction, and share best practices.