Smaller businesses may not worry as much about security breaches as large corporations, but they’re a very real danger to any type of business. Whether you keep only two employees or you have 10,000 on the payroll, you maintain personal data for your workers and your customers that should be protected. Advances in technology haven’t stopped cybercriminals from figuring out how to hack into computer databases.
The 2018 Verizon Data Breach Investigations Report revealed that 58% of cyber attacks were aimed at small businesses with fewer than 250 employees. The news headlines might be filled with stories of big companies such as Experian and Capital One, but there’s an untold trend of hackers targeting small business and stealing proprietary and personal information.
Data security may not have been your first thought when you started your company. However, as soon as you have a few customers, it really should be. Here are seven moves you should make if you want to avoid the problems that come with a security breach. Special thanks to Luca Bravo for the cover photo.
1. Remove the Target on Your Back
Even though criminals would make more money going after a larger corporation, they also see small businesses as easy targets. You can’t afford thousands of dollars to hire a digital security expert to secure your website or your network. The bad guys know this, and they target smaller firms like yours because of it. Fortunately, you can take some steps to protect yourself and your customers.
First, collect only the information you absolutely must have to do business. You don’t need someone’s social security number to sell them a gadget. You don’t need their full birthday to reach out with a discount on their birthday — just the month and day. Fully secure your website by using Secure Socket Layers (SSL) and firewalls.
2. Stop Oversharing
You’re excited about the growth of your brand and want to share your story with your customers and the outside world. Storytelling is also a simple way of attracting new traffic to your site and capturing their emotions. However, being too open may give black hatters insight into what you might choose for passwords. In addition to choosing complicated passwords, make your personal social media profiles private.
Share details about where you started and how far you’ve come, but leave out extremely personal information, such as your brother’s middle name and date of birth or your favorite dog’s name. Or just avoid those security questions and choose something really unique to you! Never complete the social media quizzes asking for personal details. Doing so puts information out there that’s often similar to security questions asked to secure your accounts, such as what your first car was, who your favorite singer is and so on.
3. Train Your Staff
As a startup, your employee turnover might be higher than you’d like. You can only afford to pay so much, and your benefits packages may not be as attractive as what people can secure elsewhere. Untrained workers may not be up on the latest in online security or your own procedures to protect customer data. This issue can leave them and your company vulnerable to downloading malware or exposing information that should be kept private.
Your best line of defense is not allowing untrained staff access to all information. Give them permissions commensurate with their experience level. That way, if they’re exposed, the malware will only gather basic information rather than gaining access to everything you have to offer. In the meantime, train staff in your policies and procedures.
4. Gain Customer Trust
New brands often have a difficult time gaining customer trust. In the 2019 Edelman Trust Barometer Special Report, researchers looked at more than 25,000 participants in eight major markets around the world. They shared 75% of consumers valued trust over trendiness. Trust falls into the top five reasons people choose a brand for their patronage. Dealing with a data breach while still working to build trust can be devastating to a small business’s reputation.
Put safeguards in place to protect your new customers, and let them know what you’re doing to keep them safe from cyberattacks. Protect their information like you’d want a company to protect yours.
5. Avoid Costly Cleanup
You may never recover from a data breach. The U.S. government reported that 60% of small to medium-sized businesses that suffered a cyberattack went out of business within six months. The costs of the breach are high because the company has to clean up the mess, inform customers, possibly pay fines for not keeping information secure and so on.
Businesses often come to a complete halt after a hacking incident as they try to clean up the mess left behind. Your best line of defense is keeping the hackers out in the first place. Invest in software that keeps your data secure, and update it frequently. Host your data on a secure cloud server instead of your personal computer.
Photo: Liam McKay
6. Abide by Regulations
The General Data Protection Regulation (GDPR) may have been implemented by the European Union (EU), but it applies globally if you do business with any EU citizen. You could run into costly fines if you fail to properly secure people’s personal information.
7. Reduce Stress
Worries over data breaches may add undue stress to you and your leadership team, especially if you have access to sensitive information. One example would be the medical industry, where deeply personal details are often kept on file. The last thing you want is for someone to gain access to this information and use it against your customers. Spend time putting a strong security system in place. Buy the protections you can afford, and study the issues on your own to ensure your website and the network is as secure as possible. Various types of software will do much of the watchdog work for you.
Build Your Reputation
In the world of business, your name is your reputation. Take the time to protect yourself from the threats out there so that you don’t have to inform your users that their data has been stolen. People aren’t quick to forgive a company that costs them time, money or aggravation. Prevent the issue in the first place so that you can focus on creating a brand people see as trustworthy and long-lasting.