It seemed like everyone I knew got a new credit card last year, and it wasn’t because of great introductory offers or frequent flyer miles. Instead, they were issued a fresh card after the onslaught of security hacking scandals in 2013.
Last October, Adobe Systems announced that more than 2.9 million customers’ data was stolen, along with more than 40 GB of source code. In November and December, hackers accessed the credit and debit card information of more than 40 million Target customers, causing a 46 percent drop in its fourth-quarter profits.
Data breaches are devastating for huge corporations, but they can destroy a small business. Not only will a breach hurt your bottom line, but it will also kill employee productivity and damage your reputation.
To protect your customers’ data—or any other valuable information you keep under lock and key—you need to take data security seriously.
Here are seven tips for keeping your company’s data secure:
1. Plan Your Implementation
Rolling out a clumsy piece of security software that few people on your team understand will only cause confusion and waste time.
Don’t implement a security process en masse. Test it with a small group of employees, and refine your training process and workflow. Later, expand your test group and polish it further. Repeat this procedure until you feel confident with the workflow.
2. Install Encryption, Antivirus, and Anti-Malware Software
Like the common cold, computer viruses and malware spread rapidly, and an easy defense is found in antivirus and anti-malware software.
Most viruses enter your computer through the guise of a friendly looking document or benign file. Installing antivirus software gives your computers and data a safety net in case you don’t look before you click. Anti-malware software, on the other hand, protects you from downloading software from malicious sites or email.
But antivirus software by itself isn’t a strong defense—you also need to encrypt sensitive data. Find software that can seamlessly encrypt all data on employee machines.
3. Don’t Neglect Physical Security
When I meet up with friends at the bar after work, I bring my laptop inside rather than leave it in the car. Sure, it’s awkward, but I’d rather lug it around than waste time and money rebuilding one from scratch if it gets stolen.
We put so much emphasis on software data protection that it can be easy to neglect hardware security. Don’t leave your laptop in sight in public, and keep tabs on your phone—especially if it stores secure data and email.
4. Set New Passwords
Even in 2014, the number of people who have insufficient passwords would stun you. There’s absolutely no excuse for neglecting to create secure passwords for every member of your team. Enforce a password policy on any device or software used by employees; if you’re sending sensitive documents through email, make sure they’re password-protected or encrypted.
5. Survey Existing Security Features
Sometimes, the best security features can be found in programs you already use. Check any software you’re currently using that handles sensitive data or intellectual property for proper security controls (e.g., encryption, passwords, etc.) and an audit log of employees who have accessed the files.
6. Conduct Audits
Get into a regular habit of auditing yourself and your employees to ensure compliance with security protocols. By having a firm checklist of dos and don’ts, you can push noncompliant employees back on course before the worst happens.
7. Monitor Social Media
While Facebook and Twitter provide a place to vent, employees need to be careful not to divulge customer information in the process. That goes double for those in the medical industry. Revealing patient data can get you slapped with a crippling HIPAA fine. If your company doesn’t have a social media policy, now is the best time to outline what can and can’t be discussed online.
Data security is a company-wide concern and one that shouldn’t be neglected. One incident can crush your business and damage customers’ trust. It’s much cheaper to invest in solid security software than to repair the damages of a data breach.
What do you do to protect your business from a data disaster?
Published: July 9, 2014