If you’re a small business owner doing business in 2017, one of your most important tasks is securing customer data.
There have already been far too many breaches in small business security and ransomware cases, where customer data suffered as a result. As a business, it is your responsibility to keep your customers’ personal data private and secure.
Here are the top 5 ways your small business should be securing customer data.
Before you make any other decisions about marketing or new processes, make sure the information you require and keep is necessary.
For many, the issue of customer data is only an afterthought, and this is where the problem leads. Before you ask for more and more information about your customer, first try to figure out what kind of information you absolutely need. It’s fine to get the email address, but do you really need their social media profile, family history, and social security number?
If keeping sensitive data is necessary, the next question to ask is: who will have access to this data?
You need to take reasonable steps to secure customer data, and this begins with limiting how many employees have access to that data. For example, Twitter came under fire from the FTC for giving administrative access to almost all of its employees. Therefore, if one employee’s credentials are compromised, the hacker could have access to all of Twitter’s member accounts.
If you have sensitive customer data, you’ll need to make sure that all the employees that can access this data have strong passwords. These passwords should be unique, complex, and stored securely.
The FTC Twitter investigation found that employees were allowed to use regular words for admin passwords. Remember, this type of laziness is one of the reasons why over 100,000 IoT (Internet of Things) devices were hacked in last October’s DDoS attack that shut down internet service in parts of the US and Europe. Because of weak and easy-to-guess and find admin usernames and passwords, the device or website is easy to hack.
If you have sensitive customer data, you should not leave it out in the open to be easily read. It is imperative that you use encryption for storing and transmitting sensitive data. This is one of the most common security tips for small businesses; however, many are reluctant to follow through because it seems like a daunting and expensive undertaking.
However, it doesn’t have to be. Small businesses can get powerful protection with VPNs (Virtual Private Networks) such as NordVPN. A VPN establishes a secure encrypted connection and sends the Internet traffic through to a VPN server. The VPN also hides the user identity, making it much more difficult for outside hackers to track them and intercept their traffic.
VPNs are easy to install and they have very low monthly fees—a small price to pay for the high level of security they offer.
Data breaches are largely initiated by what’s known as remote access—providing a user access to a network without the user having to physically be at work. This is true for many companies who have employees working from home or teams in different parts of the country or the world.
The problem comes with ensuring that there is appropriate endpoint security. The FTC also investigated Dave & Buster’s and found that the popular restaurant and entertainment company didn’t limit third-party access to its network. This allowed a hacker to easily walk in and out of the company’s network and steal personal information.
This is another area that can easily be secured with the use of a VPN. Instead of opening a lot of entry points in the traditional private network (with each entry point being a possible security breach), you can use a VPN which acts like a single entry point. In order to access the internal network, users will first have to go through the VPN server.
And with strong, secure servers such as NordVPN’s, it makes it much, much harder for the private network to be breached.
***
For any small business, these are the five most important things to consider when working with sensitive data. If you are collecting and storing this personal information, it is your duty to secure customer data. That’s why solutions like a VPN for business could help protect your company from these kinds of threats.