In December of 2017, search engine and email platform Yahoo uncovered a data breach from 2013 that involved over a billion user accounts. In November, an independent researcher found a privacy hole in Cisco’s Professional Careers website that left sensitive data open for prying eyes. And just last month, Verity Health System notified more than 9,000 patients that their personal information may have been stolen through a medical group website no longer in use.
According to the Privacy Rights Clearinghouse, a website that reports on data breaches, more than 900 million records have been breached since 2005. These breaches can be devastating to a small business; according to security company Kaspersky, the average cost of a security breach to a small company is $38,000. Enterprise-level breaches can cost upwards of half a million dollars.
To help you tighten up your security measures, we’ve gathered a few too-common data security mistakes that could cost you dearly:
Failing to Recognize the Danger
Think that you’re not a target for a hacker or security attack because your business is too small to be attractive? Think again. Even smaller pools of customer data (containing names, addresses, phone numbers, and other identifying information) are at risk.
It’s critical to recognize that your small business needs a security plan, and to make sure all of your employees understand the importance of keeping customer information safe. You can start by auditing your current system to look for potential problem areas. Is all of your software up to date? Are you using data encryption, including email encryption? Do you have a comprehensive data management policy that details which employees have access to various kinds of data? Do you have an action plan for everyone to follow if you do discover a breach?
Not Teaching Employees the Importance of Data Security
As mentioned above, your team needs to understand how critical it is to keep customer data locked down. Don’t just assume your workers know what your security policy is, or that they’re following it properly at all times. Your team also needs to know how to spot suspicious activity and who they need to report it to.
The solution? Incorporate a data security training program into your onboarding process, and give your employees a refresher periodically. A few things your team must know include:
- How to recognize phishing emails – and what to do if they spot one
- The importance of password hygiene – changing passwords regularly, creating secure passwords, using different passwords for every account, etc.
- What each person’s specific responsibility will be if your data is breached – what part of the breach action plan will they be responsible for?
Remember: even the latest, greatest security software can’t protect against careless or untrained employees.
Not Investigating Encryption Used by Vendors
The current benchmark that the U.S. federal government requires for encryption is FIPS 140. When you’re evaluating vendors for data security, ask if their product has been tested and validated to meet this standard. If not, you’re taking a risk with a product that might not properly protect your customers’ information.
Failure to Secure Employee Devices
BYOD (Bring Your Own Device) policies can be a great way to boost employee productivity – but you have to use caution. An unsecured mobile device with access to your sensitive data tosses all of your hard security work out the window.
If you have or want to start a BYOD program, take a few steps to keep it safe. Using a cloud-based data hosting solution focused on data security is a great first step. You should also require your employees to use encryption on any device that’s able to access company information.
Not Knowing Where Your Data Is
This doesn’t just mean the physical location of servers where your data’s stored – though that’s important, too.
But more important is where your data goes as it makes its way through your company. Who has access to it at each point? Are employees following your security policy properly – or are they moving work data to their private cloud accounts so they can work at home? What monitoring system do you have in place to detect unauthorized access or other potential problems?
Any of these mistakes can leave you vulnerable to a breach. Cleaning up the security mess is only part of the cost – when you factor in loss of customer trust, customer turnover, and other business impacts, it’s easy to see how a breach can drive a smaller company right out of business.
Because this is a critical topic, we’ll revisit data security in a regular series in future posts. In the meantime, think about your own policies for protecting customer information. Are you making any of the dangerous mistakes on this list?
By: Chase Kirkwood, President