Many small- and medium-sized companies don’t think they have enough money or time to invest in preventing data breaches. But failing to take steps to protect sensitive customer and employee information could lead to significant – and even crippling – financial and legal problems. In a world where even government agencies and big corporations are being hacked, it may seem daunting for a small firm to reduce their risk of data theft. But there are several steps any small business can take that could dramatically reduce the chances of a data breach:
1. Using firewalls and encrypting data. In the event of a data breach, not using firewalls and not encrypting data could make your company appear to be neglecting its responsibility to protect private customer and employee data. The good news? These two steps aren’t quite as involved and expensive as they once were.
2. Storing only the information that you truly need. Data is an important asset to many companies, so they keep lots of it around. After all, you never know when you might need it, right? Unfortunately, it’s also a liability. If someone gains access to your customer or employee data, the more information you have stored, the easier it will be for hackers to use it to commit identity theft – and the more likely you could be held liable for any information that ends up in the wrong hands.
3. Realize that your own employees could steal or misuse data. Sure, hackers can cause a lot of damage. But many data breaches are caused by employees – unknowingly or intentionally. That’s why it’s important to train your employees in the rules of handling sensitive data and consider limiting access to databases or files only to trusted employees or those who need access to the information.
4. Know who you’re doing business with. Do you outsource payroll processing? How about payment processing? Small businesses rely on a number of other companies. You may have taken the right steps to prevent data breaches. But are the companies you contract with taking the right steps – and making enough of an effort – to protect your company’s data? Make sure you ask what steps they are taking.
5. Get insurance. There is insurance that specifically covers cyber attacks. Do you have it? The Federal Trade Commission recommends insurance that covers:
- Data breaches
- Attacks on data your vendors hold (see number 4 above)
- Cyber attacks (worldwide)
- Terrorist acts