Small companies are attractive targets for cybercriminals because they don’t have the resources to combat it like the more prominent companies. Or they’re hoping that they don’t. Has a data breach compromised your company? Consider bringing in a digital forensics investigator that can root out any security issues they find when examining your setup. They’re invaluable resources for data recovery, digital forensics analysis, expert witness testimony, and much more.
Keeping your customers’ data protected is essential not only for their protection but for your business. We live in a digital era where even companies like Facebook and Instagram are vulnerable to cyber-attacks and hackers. Encourage your employees to create complex passwords, run virus and malware scans daily on work computers and destroy all data before disposing of it. Every and any company, no matter how big or small, can be susceptible to cyberattacks.
Here are some actionable, practical steps you can take to keep your customers’ information more secure today.
1. Always Keep in Mind: You’re Never Too Small to Get Hacked
43% of cyberattacks target small businesses. Verizon’s recent data breach study said small businesses are the target of nearly half of all cyber-attacks. Never assume it won’t happen to you, it can and it will. Laxity exacerbates the risks of a data breach for companies big and small.
Smaller businesses tend to have fewer resources than the more prominent companies, and they hope for the best when it comes to keeping data secure from cyberattacks. Every business should invest in data protection for their customers. Even small companies selling products from brick and mortar shops or online e-commerce can become victims of a data breach.
Statistics have shown a rise in cyber attacks, so businesses can never be too careful. Being somewhat cautious and skeptical with protecting your customers’ data will take you a long way. Be mindful of how you deal with your customers’ private information; you want your customers to feel safe when they’re paying for your products or services.
2. Install Antivirus and Cybersecurity Software
Every organization should invest in antivirus and cybersecurity software. When it comes to keeping your customers’ information secure, it’s best to trust the professionals; trying to do this on your own is very risky. Some of the best antivirus and cybersecurity digital protection are Avast Business Antivirus Pro, Kaspersky, Endpoint Security Cloud, Bitdefender, GravityZone, and Business Security. All of the software mentioned offers a comprehensive firewall to protect your customers’ data from cyber attacks.
Once you have the proper software installed, it is essential to install software updates to access new features and be on the safe side regarding security loopholes being discovered in outdated programs. Don’t make the mistake of putting off updates and patches; make sure your software is updated correctly. It’s annoying to have to reboot your system occasionally, but the added protection to customer’s data far outweighs the minor inconveniences.
3. Create Complex Passwords
This one seems obvious and pretty common sense, but sometimes a simple thing is the most effective. Your work email passwords for your company website or access to your work computer are the keys to the kingdom for hackers.
The best way to ensure your accounts stay protected is to make sure your passwords are unbreakable.
Take these specific steps to make your passwords rock-solid:
- Make them long
- Use a mix of letters and numbers
- Avoid the use of common words
- Don’t use keyboard paths
A password generator will create top-notch passwords. A strong password is essential to prevent others from breaking into your account. Since generated passwords tend to be hard to remember, make sure to get a good password management service to keep track of them for you.
4. Verify PCI compliance
What is PCI Compliance? PCI compliance is a set of requirements intended to ensure that customer credit card information is secure. If your company is handling credit card transactions, be sure how you’re storing, processing, and transmitting cardholder information in compliance with Payment Card Industry Data Security Standards (PCI DSS). By implementing PCI compliance basics in your business, customers can feel safe knowing that their personal information is handled securely. Download the PCI Compliance IT Checklist here.
The 12 Requirements for PCI Compliance:
- Protect your system with firewalls
- Configure passwords and settings
- Protect stored cardholder data
- Encrypt transmission of cardholder data across open, public networks
- Use and regularly update antivirus software
- Regularly update and patch systems
- Restrict access to cardholder data to business need to know
- Assign a unique ID to each person with computer access
- Restrict physical access to workplace and cardholder data
- Implement logging and log management
- Conduct vulnerability scans and penetration tests
- Documentation and risk assessments
Download the PCI Compliance checklist to make sure you meet all requirements for your business.
5. Destroy Before Dumping
Data breaches can occur right behind the office in the dumpster. You can recycle old files and paper copies, but be sure to cross-cut/shred them before discarding them. Wipe the drive clean before reusing a computer that previously held sensitive information. Make sure to use special software for that specific purpose to wipe the drive. If your business is throwing a laptop away, be sure to remove the drive and physically destroy it.
6. Keep only the data you need
Take a look at the kinds of files you’re keeping and consider whether you need to store this information. Customer names may be necessary, but look through and see if you can delete some files. You should purge any data that does not directly relate to your company’s needs. Do you need to be storing customers’ credit card information? Those are clients’ credit cards; you don’t need to hold on to them; you create an enormous problem for you and your customers if you do.
7. Use A Virtual Private Network (VPN)
You want to put up as much protection as possible between your customers’ data and those with malicious intent. One of the best ways to keep your customers’ data secure is a virtual private network. A virtual private network (VPN) gives you complete privacy online and anonymity by creating a private network. A VPN will mask your IP address, so your online actions are untraceable. A VPN establishes secure and encrypted connections to provide greater privacy than even a secured Wi-Fi hotspot.
Having control over your server and private network ensures who can access it and decreases outside interference chances. By keeping that data protected behind multiple security layers, you make yourself and your business more trustworthy with people’s information.
8. Encrypt your Customers Data
What is encryption technology? Using encryption technology is another way to keep your customer information secure. If you’re holding any sensitive customer information, your business should invest in encryption software. You’ll also want to encrypt your business email if you’re sending/receiving sensitive data.
9. Conduct a Penetration Test
This exercise may be the most crucial step of all. After setting everything up, your generated passwords, antivirus, and cybersecurity protection software, and you’re on a private network or server; you’ll need to conduct a test on how protected your customers’ data is.
To do this, we’ll perform a penetration test. A penetration test, also known as a vulnerability test, is a simulated cyberattack against your computer system to check exploitable vulnerabilities. Penetration testing is commonly used to improve a web application firewall (WAF).
The phases of penetration testing include:
- Planning: The penetration testing company will outline the logistics of the test, expectations, legal implications, objectives, and goals to achieve
- Scanning: The pentester works on gathering as much intelligence on your organization and the potential targets for exploitation
- Gaining Access: The tester identifies targets and maps the attack vectors. Any information collected is used to inform the method of attack during the penetration test
- Maintaining access: With a map of all possible vulnerabilities and entry points, the pentester begins to test the exploits found within your network, applications, and data
- Analysis: Document the methods used to gain access to your organization’s valuable information
- Report: Receive written recommendations from the penetration testing company and have an opportunity to review the findings from the report
Conduct vulnerability tests often on all work machines to keep your customers’ data secure and keep making your firewalls and security stronger.
If your company follows these recommendations listed above, it will significantly improve the security of your customers’ data. Although time-consuming, you are taking all the precautions to prevent a data breach is much better than dealing with a data leak. Better safe than sorry, they always say. But there are times, even with taking preventative actions, a data breach can still occur. If you find your business in a data breach situation, it can be terrifying and stressful. As mentioned above, digital forensic investigators are well equipped to deal with these situations and will even testify in court on your behalf.
About the Author
Jennifer Bell is a freelance writer, blogger, dog-enthusiast, and avid beachgoer operating out of Southern New Jersey.