Not so long ago, data protection felt like something only a handful of companies had to concern themselves with. Today it is hard to find a business that doesn't need access to some of its clients' personal information to carry out its functions, and that naturally entails the need to protect the data from accidental leaks and deliberate attacks.
Firstly, because it is good business sense: customers aren't happy when their personal data become known to third parties, and a massive leak can have serious reputational consequences for a company (like those suffered by Globe, a large Filipino telecom company), which in turn leads to decreased trust and financial losses.
Secondly, because this kind of activity is heavily regulated, in the UK primarily by the Data Protection Act (DPA). The Information Commissioner's Office (ICO), the regulator, has the power to fine businesses that don't abide by the DPA. Fines can be as high as £500,000, depending on the seriousness of the breach and whether it was deliberate or negligent. As most cases are unintentional rather than the result of malicious activity, such heavy penalties are rare; most are dealt with via an enforcement notice, in which the ICO contacts the offending business and requires it to take specific steps to protect its customers' data. If data is stolen or any other kind of damage occurs, the ICO should be contacted immediately. The DPA is not limited to any specific type of business: sole traders and private individuals are covered too if they process personal data for anything other than purely personal or household purposes.
In other words, every effort put into protecting your clients’ data is an effort well spent. And in this article, we will cover some of the practices you can employ for that purpose.
1. Don’t be complacent
Many small business owners believe that hackers only target big corporations that have plenty of data to steal. This is not true: almost half of cyberattacks are aimed at small and midsize businesses, precisely because they don't expect to be targeted and don't invest in cybersecurity as much as their bigger counterparts. Your defences don't have to be uncrackable; they just have to be good enough that attacking you gives a poor return on the attacker's effort, given the relatively small amount of data that can be stolen from you. Invest in antivirus and other security software, and keep it, and the systems it runs on, up to date.
2. Create a culture of strong passwords
One widely quoted analysis found that 91 percent of user passwords appear on a list of the 1,000 most popular passwords, which feels almost obscene in an age of constant data leaks, security breaches and data mining. Make sure that all passwords used by you, your employees and your clients are properly constructed: long, unique to each account, and not on any list of common or previously breached passwords. Require your employees to use a password manager, with its built-in generator, to create and store a different strong password for every account, and encourage your clients to do the same.
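The check behind the advice above can be automated at sign-up or password-change time. The following Python script is an added example, not code from the original article; the ten-entry denylist is a constructed stand-in for a real common-password list (a deployment would load a full breached-password file), and the policy values (12-character minimum, 5 distinct characters) are assumed. It rejects short passwords and those that match the denylist even after the usual cosmetic tweaks, and it generates a random password with the operating system's CSPRNG for users without a manager.

```python
import math
import secrets
import string

# Constructed sample of a "most common passwords" list. A real deployment
# would load a full breached-password corpus from a file instead.
COMMON_PASSWORDS = {
    "123456", "password", "123456789", "12345678", "qwerty",
    "abc123", "password1", "111111", "letmein", "welcome",
}

MIN_LENGTH = 12          # assumed policy value
MIN_DISTINCT_CHARS = 5   # assumed policy value; rejects "aaaaaaaaaaaa"
ALPHABET = string.ascii_letters + string.digits + string.punctuation


def normalise(pw: str) -> str:
    """Undo the cosmetic tweaks people use to dodge a denylist.

    Lower-cases, strips trailing digits/punctuation ("Password1!" -> "password")
    and reverses common leet-speak substitutions ("P@ssw0rd" -> "password").
    """
    stripped = pw.lower().rstrip(string.digits + string.punctuation)
    leet = str.maketrans("@$0143!|", "asoiaeil")
    return stripped.translate(leet)


def check_password(pw: str) -> list[str]:
    """Return a list of policy violations; an empty list means acceptable."""
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if pw.lower() in COMMON_PASSWORDS or normalise(pw) in COMMON_PASSWORDS:
        problems.append("matches a commonly used password")
    if len(set(pw)) < MIN_DISTINCT_CHARS:
        problems.append(f"fewer than {MIN_DISTINCT_CHARS} distinct characters")
    return problems


def entropy_bits(length: int, alphabet_size: int = len(ALPHABET)) -> float:
    """Entropy in bits of a uniformly random password of the given length."""
    return length * math.log2(alphabet_size)


def generate_password(length: int = 20) -> str:
    """Draw a random password from the CSPRNG, retrying until it passes policy."""
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not check_password(pw):
            return pw


if __name__ == "__main__":
    for candidate in ["password", "P@ssw0rd1!", "correct horse battery staple"]:
        print(f"{candidate!r}: {check_password(candidate) or 'OK'}")
    pw = generate_password()
    print(f"generated {pw!r} (~{entropy_bits(len(pw)):.0f} bits)")
```

The normalisation step is the part worth copying: a denylist that only matches exact strings is trivially bypassed by "P@ssw0rd1!", which most users will try first. A 20-character password drawn uniformly from the 94-character alphabet carries roughly 131 bits of entropy, far beyond what any online or offline guessing attack can exhaust.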
3. Keep testing your security
The work towards security is never over. Cyberthreats grow in number and complexity every day, and your defences should keep up with them. Keep an eye on new threats and on security updates for the software you run, and apply patches promptly. Run daily virus and malware scans with up-to-date tools. Consider hiring an ethical hacker or a cybersecurity expert from time to time to check your systems for vulnerabilities and backdoors.
4. Don’t collect what you don’t need
The more information about your customers you collect, the more valuable you are as a target for hackers, and the more you have to protect. Avoid using personal information such as dates of birth or national identity numbers as account identifiers or as proof of identity. Unless it is absolutely necessary, don't collect sensitive information like social security numbers at all. Remember that people don't like using services and stores that collect a lot of data about them in the first place.
5. Educate your employees
It doesn't matter how thorough your security rules or how advanced your security software is. If the people working for you don't take security seriously, it will lead to a disaster sooner rather than later. You will be amazed at how many breaches start with an employee doing something obviously unwise, like opening an attachment to an email from an unknown source. That's why all your employees should be kept informed about current fraud schemes and taught the basic principles of digital security.
6. Address mobile device risks
A BYOD (Bring Your Own Device) policy is increasingly popular because of the flexibility it offers, but it brings serious risks as well. Mobile devices hold sensitive information yet live outside the company's infrastructure, and are therefore harder to protect. At a minimum, require a screen lock and device encryption, and keep the ability to wipe company data remotely. Impress upon your employees the importance of keeping devices safe from theft, loss and other security risks, and make it clear that failing to report such an event promptly is a more serious offence than the loss itself.
Of course, these tips aren't comprehensive, but they will undoubtedly make you more likely to keep your clients' data safe.