You are now a victim of credit card theft. Your information has been hacked and you are on the phone with your bank explaining how you were out to lunch at 1pm and not racking up a $300 dollar bill in light bulbs at home depot. Credit card theft has been a fear for everyone for many years now, and is still a reason some people choose never to shop online. As a consumer, it is a great concern. As a business owner, it is a loss in revenue. With data breaches continually hitting the newsstands, business owners can’t help but to worry when they might be next.
So, what is data breach? Data breaches are incidents involving hacking into unsecure networks or databases which can lead to potential loss of sensitive data. Sensitive data can be anything from social security numbers to passwords and credit card information. Although headlines often talk about bigger businesses, banks, and websites getting hacked, small businesses are equally at risk.
Back in September 2014, there was a nationwide data breach of 56 million debit and credit cards from Home Depot; the largest breach since Target’s pre-Christmas data theft in 2013. In addition to stealing debit and credit card data, Home Depot announced on November 6, 2014, hackers stole 53 million email addresses! They explained that hackers initially accessed its network in April with a third party vendor’s username and password. Clearly their systems are not as secure as they thought.
As a small business owner, you want to ensure your system has little to no flaws. Here are a few tips to keep in mind:
- Promote and support security awareness! This is quite possibly the most important step in keeping your client base loyal and satisfied. It takes one bad apple to ruin the barrel, and this is why every employee must work in partnership with security professionals to ensure the safety of corporate data.
- Protect your organization with a proactive security plan. A true hacker will not cease until information is obtained, so why should you cease to protect your business? Awareness, understanding, and proactivity are the name of the game! Keep current with security software updates, don’t rely on encryption as your only method of defense, and conduct periodic risk assessments. Determining if you’ve acquired new areas of risk, before it becomes the latest headline in the NY Times, will save you a lot of explaining to do.
- Prepare your response to a cultivated attack. Your line of defense needs to be strong. Establishing a comprehensive breach preparedness plan that will enable decisive action and prevent operational paralysis is critical. Clients will appreciate that your organization has taken anticipatory steps to address security threats which will ultimately build trust.
- Data minimization. Thieves can’t steal what you don’t have. Don’t collection information that you don’t need. Reduce the number of places where you retain the data. Purge the data responsibly once the need for it has expired. Grant access to sensitive data on an “as needed” basis and keep current records of who has access to data while it is in your company’s possession.