Close this search box.
Blog » Business Tips » How to Make Sure Your Small Business Doesn’t Have a Data Breach

How to Make Sure Your Small Business Doesn’t Have a Data Breach

Avoid a Data Breach

Security is arguably the top concern for customers. And, for good reason. In 2015 there were an estimated half a billion data breaches. A data breach can damage your reputation, decrease sales, and even cost you a ton of money in settling lawsuits.

Make Sure Your Small Business Doesn’t Have a Data Breach

To prevent any of those from happening, you have to take the following steps in ensuring that your small business won’t experience a data breach.

Provide your employees with training.

According to a report released by the Association of Corporate Counsel, employee error is the leading cause of data breaches, such as sending an email containing sensitive information to unauthorized individuals outside the company.

Because of that, it’s important that you properly train your employees in security basics and raising their awareness of common scams. One of the most effective ways to accomplish this is through social engineering.

“Social engineering involves manipulating workers to voluntarily give up information or access,” says Terry Evans, president of Cybersecurity Biz in Rochester, NY, in The Hartford.

Social engineering works like this: Someone posing as a social engineer with someone in your office claiming that they are ‘testing the system’ to trick that employee into handing over their password. According to Evans, social engineers rely on the fact that employees aren’t aware of the value of the information they possess, so they’re lax in guarding it.

Social engineering awareness training, in conjunction with written policies and procedures, can be achieved through;

  • Instructing employees never to click on unsolicited e-mail attachments or links that are embedded in emails.
  • Training employees to never share sensitive information with anyone without first verifying their identity.
  • Refraining from using USB drives that are left out in the open. Hackers often leave these devices, and once used, the company becomes infected with malicious software, which gives the hacker access to your system.

“Failing to address the threat posed by social engineering is somewhat like buying a high-tech security system and then leaving your front door unlocked,” says Evans.

Another way to avoid employee error is by restricting access to secure data, like customer’s payment information or administrative access to things like bookkeeping software and social media accounts.

Limit the amount of personal data you have stored.

As the Federal Trade Commission recommends, you need to go lean and mean in your data collection, retention, and use policies.

For starters, only collect the information that you need from your customers. For example, there’s absolutely no need to gather their email passwords when collecting their email addresses when registering for an account. Furthermore, never use their personal information, such as using real people’s personal information in employee training sessions.

Also, limit the amount of time that you store your customer’s information. Once a transaction is completed, there’s no longer a need to hold onto the credit and debit card information used to complete the transaction.

Having too much personal information, and holding onto it, doesn’t just add unnecessary risk; it could also land you in hot water with organizations like the FTC.

Encrypt your data.

As Andra Zaharia explains in the Heimdal Security blog, “Encryption tools are very useful in keeping valuable information hidden from cybercriminals because it renders the data inaccessible to prying eyes.”

Zaharia explains that “Encryption is a process that transforms accessible data or information into an unintelligible code that cannot be read or understood by normal means.” Thankfully, encryption tools are included in most operating systems. For Windows-based PCs, it’s BitLocker and on Macs, it’s FileVault.

There are also free encryption tools like VeraCrypt, 7Zip, and AxCrypt.

Make sure your payment processing network is secure.

Before you start accepting payments online, ensure that your network has an adequate firewall and updated virus protection. Also, make sure that the platform you’re using is PCI compliant.

Create secure passwords and comprehensive authorization.

I completely understand creating and remembering complex passwords is annoying. However, it’s essential if you want to prevent data breaches. When considering possible passwords, make sure that they’re strong, contain at least 13 characters, symbols, letters, and numbers. It’s also suggested that you change your passwords frequently and lock users out after a certain number of incorrect password attempts.

To make your life easier, there are many password managers, such as LastPass, Dashlane, and KeePassX, that will protect your online accounts without having you memorize those lengthy and complicated passwords.

You should also consider two-factor authentication. This simply uses a password and another factor, like a pin code sent to a mobile device or a fingerprint, whenever you or your team logs into an account.

Two-factor authentication is useful when you or your employees access data from more than one device, such as a laptop, tablet, or smartphone, or when you’re working remotely since it requires a second-level of authentication, instead of just a password that can easily be discovered.

Monitor threats.

Why wait for a data breach to happen in the first place? With monitoring tools like Stealthbits, you have real-time threat detection that locates and disables any suspicious activity before databases are attacked.

Don’t forget the physical information.

We get so focused on online and cloud-based data protection that we neglect physical property like paperwork, hard drives, laptops, flash drives, and disks. Make sure that these physical items are stored securely and not carelessly left out for anyone to grab, like in your garage or passenger seat of your car.

Like not storing personal data that you no longer need, you should also dispose of information you no longer need securely. For example, if you’re a local pharmacy, you would want to shred customers’ outdated prescriptions.

How to recover from a data breach.

Despite taking the precautions listed above, you can’t completely avoid a data breach 100%. If that’s the case, here are some of the steps that you should take following the breach;

  • Even after a breach has been squashed, there’s still a possibility that your customers will have to deal with issues like identity theft. And, you’re going to receive a fair share of questions and complaints from your customers. Guide them through the post-process by being transparent, responding to their concerns, and offering them one year of identity theft prevention.
  • Work with law enforcement and consumer protection agencies by providing them the information that they need.
  • Launch a PR campaign to win back customers.
  • Rethink and update your current security strategy and software.

About Due’s Editorial Process

We uphold a strict editorial policy that focuses on factual accuracy, relevance, and impartiality. Our content, created by leading finance and industry experts, is reviewed by a team of seasoned editors to ensure compliance with the highest standards in reporting and publishing.

Former CTO at Due
I’m Chalmers Brown and former CTO of Due. I’m a big fan of technology and building financial products that help people better their lives. I have a passion for financial products that help people. I build complex financial infrastructure protocols that help scale financial companies. They are secure and support millions of customers worldwide.

About Due

Due makes it easier to retire on your terms. We give you a realistic view on exactly where you’re at financially so when you retire you know how much money you’ll get each month. Get started today.


Top Trending Posts

Due Fact-Checking Standards and Processes

To ensure we’re putting out the highest content standards, we sought out the help of certified financial experts and accredited individuals to verify our advice. We also rely on them for the most up to date information and data to make sure our in-depth research has the facts right, for today… Not yesterday. Our financial expert review board allows our readers to not only trust the information they are reading but to act on it as well. Most of our authors are CFP (Certified Financial Planners) or CRPC (Chartered Retirement Planning Counselor) certified and all have college degrees. Learn more about annuities, retirement advice and take the correct steps towards financial freedom and knowing exactly where you stand today. Learn everything about our top-notch financial expert reviews below… Learn More