Defend and Destroy: Tips on Keeping Your Customers’ Data Safe
If you own a business, you are always vulnerable to an attack. While you will hopefully never encounter a violent, disgruntled employee, you will almost certainly come face to face with a cyber threat, and you may never know it’s happening until after the damage is done. Cyber attacks are alarmingly common, with around half of all small businesses being targeted, according to Inc.
While your very existence puts you and your customers in the crosshairs of criminals, there are things you can do to protect your assets. Here are a few tips:
Get help if an attack has already happened
If you found this article while looking for ways to defend yourself post-attack, you may be better off calling in a professional to recover your data after phishing, an email scam, or another form of attack. Restoring your files is essential, and waiting until you’re at a good “stopping point” will only increase the damage. Shut down all working computers, and immediately contact tech support (either in-house or an outside service). According to Secure Data Recovery, these specialists will be able to determine the source of the problem and can help you get back up and running more quickly without losing a great deal of your productivity.
Enact transaction, education, internet, and email policies
Once you are back up and running, you’ll need to defend against future hostility. A few relatively simple steps can take you a long way here. The first is to make sure that your company is PCI compliant, meaning you’ve ensured that your consumers’ credit card payments are secured. If you aren’t sure your methods are up to par, the PCI Security Standards Council offers self-assessments, and you can hire a council-approved auditor to look over your methods.
Next, educate your employees on the threats that try to slip in through the back door of your company’s tech systems. These often arrive under the guise of urgent communications, usually through email phishing, which is the practice of faking emails to encourage the recipient to click a link. This link may then infect the employee’s computer with malware. Because the number of destructive malware programs continues to increase, even advanced firewalls and security software can’t always keep up.
The best way to stop malware from entering is to never open the door in the first place. This is achieved not by your IT department’s 24/7 vigil, but by training your employees in ways they can help. Infosec recommends restricting personal internet usage and limiting how your employees can use their work email. As an example, create rules that disallow using a work email to register for social media accounts or online shopping.
Touch base with your employees on responsible email practices, such as not opening emails from unexpected senders. Require that any message that demands “immediate action” or threatens legal action be forwarded to IT. Employees should also be taught to never click links from outside sources. Once you have completed training, you can follow UC Berkeley’s lead and send a simulated phishing email to see how well the lesson stuck.
Destroy used information
In addition to following PCI compliance guidelines, one of the best ways you can protect your customers’ data is to destroy it once it has been accessed. You should also collect only necessary customer information and leave personal details out of your business transactions.
Emphasize ongoing efforts
It’s one thing to make it through an attack, but without further steps to proactively keep your data safe, your efforts may be for naught. Remember, your customers may forgive one incident; they likely won’t stick around after two. The FTC’s Data Breach Response guide goes into greater detail on how to safeguard your customers’ — and your — best interests moving forward.
A single cyber attack can destroy a small business. Don’t let everything you’ve worked for go up in flames. Simple precautions can make all the difference, and in today’s tech-dependent world, you can’t afford not to be two steps ahead of digital dangers.
Written by Katie Conroy