You have a responsibility to your customers and your business to keep all sensitive data secure. Here are seven best practices to secure your customers' and company's information.
You don't need to look far to see the repercussions when a business fails to protect sensitive information. Equifax's recent data breach was a massive blow to its reputation and its stock, which dropped 33 percent in a matter of days.
Data breaches and fraud are problems for businesses of every size, affecting over 25 percent of businesses with an average fraud loss of $38,000. That's enough to push many small businesses into bankruptcy. To lower your risk and keep sensitive information safe, follow these essential security practices.
1. Only save what's necessary.
The more information you collect about your customers and employees, the more you need to protect. Companies often save more information than necessary, and their customers are the ones who suffer if a data breach occurs.
To limit what hackers could steal, only save information you absolutely need to run your business. Avoid collecting anything extra, and if you only need information temporarily, get rid of it properly after you've used it.
2. Keep an information inventory.
Laptops, smartphones, tablets and flash drives provide plenty of convenient ways to store and transfer information, but this also results in more opportunities for data to fall into the wrong hands.
Keep track of what information you're storing, where you store it and who has access to it. Make sure this information inventory includes both electronic files and physical documents with sensitive information.
3. Stay up to date with your cybersecurity.
There are quite a few cybersecurity programs that can protect businesses of any size from malware and other threats. Look for a paid program that can secure your network and every device on it. The money you spend is well worth it, as a breach could cost you much more.
Once you have your cybersecurity program in place, install all updates immediately. The Equifax breach, which affected 143 million people, occurred because the company failed to update Apache Struts.
4. Store physical documents securely.
Cyberattacks may be a more common threat, but lost or stolen documents can be just as bad. Whenever documents contain sensitive information, it's important to keep them safe from prying eyes.
Store documents in a locked file cabinet or room that only your most trusted employees can access. Dispose of documents by running them through a shredder.
5. Pay for expenses with a business credit card.
For business expenses, the best and most secure payment method is a business credit card. Most will have zero-liability fraud protection, and if you need to dispute a transaction, you won't be out any money during that process. You can set sending limits on employee cards and receive immediate notification of any transaction via text alerts.
Any payment method has its risks, but credit cards have the most safeguards and security features. Security isn't the only benefit of business credit cards, as they also provide detailed expense reports and the opportunity to maximize your travel rewards.
6. Set internal controls to guard against employee fraud.
Regardless of how much you trust your employees, it's wise to use internal controls to limit your employee fraud risk. Otherwise, employees could misuse company funds or steal customer information.
Limit each employee's access to only the information they need for their job. Make sure your systems log what information each employee accesses. Set up segregation of duties to prevent any single employee from having too much responsibility. For example, instead of having one employee make purchases and go over expense reports, split those tasks among two employees.
7. Plan your response to data breaches.
You always need to be prepared for a worst-case scenario. How you respond to security incidents can be the difference between a minor data loss and a costly breach. Your plan should include the following steps:
- Close any holes immediately – Disconnect and shut down any compromised computers, and stop using any compromised programs.
- Notify the appropriate parties – Depending on the information that was stolen, you may need to let customers and law enforcement know about it.
- Investigate what happened – Conduct an internal review or hire an agency to find out what went wrong.
Giving your business maximum protection
Preventable security issues have brought down many small businesses. Although you can't eliminate the possibility of data breaches or fraud, with the right security practices, you can reduce their likelihood and minimize the damage if one occurs.