Every business’ success hinges on its customer relationships, and every customer relationship hinges on trust — trust not only that the company will deliver on its promises, but also that it will protect clients’ sensitive information. A security breach can quickly shatter that trust, costing you valuable customers as well as time and money. It is estimated that U.S. companies lost $188 per compromised customer record in 2012, according to a study released last week by Symantec Corp and the Ponemon Institute.
The 2013 Cost of Data Breach Study shows that human errors and system problems caused two-thirds of data breaches in 2012. Some of the most common issues included employees mishandling confidential data, lack of system controls, and violations of industry and government regulations. Here are some recommendations for small business owners to help protect sensitive information:
- First, take stock of all the data you collect, store and transmit.How do you store sensitive information? Who has access to it? In what ways could data be compromised?
- Educate and train employees on how to handle sensitive information.
- Work with your financial institution to establish a “dual control” payment system so that payments can be initiated only with the authorization of two employees.
- Check your account balances daily, and notify your financial institution immediately if you see any suspicious activity.
- Regularly update anti-virus and anti-spyware software. Last year, malicious or criminal attacks accounted for more than a third of the total breaches.
- Secure laptops and smartphones. These devices are loaded with sensitive data, and because of their portable nature, they are particularly vulnerable to loss or theft. Use password protection and encryption software as an extra layer of protection on company laptops and smartphones.
- Have a plan in place in case a data breach does occur. In some cases, a rash response to a data breach ends up costing more. Companies that take the time to decipher which clients are actually at risk, as opposed to over-notifying customers who are not in danger, ultimately spend less on data breaches.
- Practice constant vigilance. You’ll eliminate much of your risk by proactively implementing and following through on security measures.