Data schmata. What is all the fuss about anyway? As a business owner, it’s easy to get caught up in day-to-day business operations and forget about protecting customer data. But the truth is that leaving your customer data unprotected is not only irresponsible, it can cost you your business. We’ll help you get ahead of the game and minimize your chances of running into trouble.
Create a plan.
Data security can’t be done willy-nilly. It’s too easy to miss something, and eliminating human error as much as possible is critical. While most of us think of data breaches as purely malicious activity by outside hackers, the truth is that 35% of data breaches involve a contractor or someone inside the organization, according to the 2013 Ponemon Institute Cost of Data Breach Study. In these cases, the cause can be as simple as improperly trained employees, or it can be an insider intentionally stealing data. Either way, having a plan will help safeguard you and your business.
Create a data inventory. Make a list of all the kinds of data that your organization collects, stores, and/or transmits. This might include customer addresses, social security numbers, account numbers, or email addresses. Note what data you are using and where you are storing it.
Keep track of data access. It’s important to know who within your organization (and any outsiders like contractors) has access to your data. This might be keys to a storage cabinet with customer files or passwords to your spreadsheets. Make sure access is granted and limited in appropriate ways.
Identify data protection needs. Are computers with sensitive information password-protected or left vulnerable? Is electronic data backed up appropriately? Do you have safety nets in place like up-to-date virus and malware protection, a strong firewall, and operating systems with the latest updates?
Be mindful of passwords. Make sure you and your employees are using strong passwords and updating them regularly. If you’re not already using a system to manage your passwords, now might be the time to put that into place.
Consider a breach notification policy. We all want to think that a data breach won’t happen to us, but be prepared to react swiftly if it does. Think about things like: training your employees to recognize and report a breach, how and by whom breach information will be gathered, and who needs to be notified after a breach (this might be your customers, financial institutions, appropriate government agencies, or even an attorney).
Set up a yearly review of your data security plan. How about January 28, since it’s actually National Data Privacy Day? We’re not making that up. In 2014, the U.S. Congress adopted January 28 as a legit holiday. Take this day to review, assess, and make any necessary changes to how you handle data.