Critical Steps for Protecting Customer Data in Your Small Business
By: Susan Solovic
Protecting customer data in your small business takes good planning, training and vigilance because serious threats come from all sides:
- Hardware,
- Software,
- People, and
- Systems.
Hardware
“Skimmers” are responsible for many of the infamous retail customer data breaches that have made headlines in recent years. Skimmers are hardware devices that are surreptitiously installed on your card readers. They grab credit card information from unsuspecting users and send it to the bad guys.
I’ve read that a skilled criminal can install a skimmer in less than a minute. If you have credit card readers, you need to visually inspect them on a regular—and frequent—schedule. Be sure you and your employees know exactly what your card readers should look like. Note all the screws on your devices and make sure they are all present and accounted for during inspections.
Skimmers can be slipped into card slots or fitted over them. Keyboards can have thin overlays to capture keystrokes. In some cases, a small video camera may be concealed to capture the moment when customers input their PINs.
Other dangerous hardware includes the digital items you or your employees may bring into your business and connect to your network. A USB flash drive, for example, can have malware in its operating system that gets transferred to your network as soon as it is connected.
Be sure you have “Autorun” disabled on any PCs in your network. Also, you should have a two-way firewall and up-to-date antivirus software. You don’t need to be transferring a file from a USB drive to your system to get infected; it can happen when employees are downloading from your system to their USB drives.
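One way to check the "Autorun" setting on a Windows PC is to read the policy value Windows stores in the registry. The PowerShell script below is an added example, not part of the original article; it only reads settings and changes nothing, and the function names are made up for this illustration.

```powershell
# Added example: read-only audit of the AutoRun policy on this PC.
$PolicyPath = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'

# Bits of NoDriveTypeAutoRun; a set bit turns AutoRun off for that drive type.
$DriveBits = [ordered]@{
    'Removable (USB)' = 0x04
    'Fixed disk'      = 0x08
    'Network drive'   = 0x10
    'CD/DVD'          = 0x20
    'RAM disk'        = 0x40
}

function Get-AutoRunPolicy {
    # Hypothetical helper: returns the policy value from one registry hive.
    param([ValidateSet('HKLM', 'HKCU')][string]$Hive)
    # A missing key or value yields $null, meaning "not configured".
    $key = Get-ItemProperty -Path "${Hive}:\$PolicyPath" -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Hive               = $Hive
        NoDriveTypeAutoRun = $key.NoDriveTypeAutoRun
    }
}

function Get-AutoRunReport {
    # When the value exists under HKLM, Windows ignores the HKCU copy.
    $policy = 'HKLM', 'HKCU' | ForEach-Object { Get-AutoRunPolicy -Hive $_ } |
        Where-Object { $null -ne $_.NoDriveTypeAutoRun } | Select-Object -First 1
    if (-not $policy) {
        Write-Warning 'NoDriveTypeAutoRun is not set; Windows defaults apply.'
        return
    }
    foreach ($type in $DriveBits.Keys) {
        [pscustomobject]@{
            DriveType       = $type
            AutoRunDisabled = [bool]($policy.NoDriveTypeAutoRun -band $DriveBits[$type])
            Source          = $policy.Hive
        }
    }
}

Get-AutoRunReport | Format-Table -AutoSize
```

Every row should show AutoRunDisabled as True; a NoDriveTypeAutoRun value of 0xFF turns AutoRun off for all drive types.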
Software
All kinds of malicious code out in cyberspace piggyback their way onto your computers when you download appealing “free” software. Let’s face it, we all have a hard time turning down “free” offers, but that cool free browser plugin might infect your system with code that will steal customer data or even hold your entire system hostage via “ransomware.” Also, don’t download any software, even if you’re paying for it, that is not coming from a website you know and trust.
I’m pointing the finger of blame here at software, because that’s where the evil physically resides, but the weak link is really the people who haven’t been trained or have become careless, so let’s move to those subjects.
People and systems
It’s almost always a person who is responsible for not protecting customer data in your small business. It could be an honest mistake or it could be a malicious act.
Your first line of defense is to hire honest people and also people who are willing to take direction and work within the cyber security systems you establish. You need to check references and perform background checks as permitted by law. Stress the importance of adhering to digital security measures when you’re interviewing and onboarding new employees.
One of the biggest problems we face is that computers, smartphones and the Internet have become such a common component of our everyday lives that we overlook the dangers they pose and we get careless. This is where your responsibility as a small business owner really kicks in. You need to put written systems in place, train your employees, and constantly emphasize the importance of cyber security and protecting customer data in your small business.
If you don’t have a written policy that gives direction and guidance to your employees—and is frequently updated—it shows that you really haven’t taken this issue very seriously yet. Your employees will reflect that attitude.
StaySafeOnline.org has a lot of materials you can use to educate yourself and your staff, including many just for small businesses. You’ll also find what you need to start putting together a good cyber security policy for your small business—and don’t forget to include social media in your policy.