Data privacy is no joke. Infact, if you joke with it, you may get fined millions of dollars.
No small business or any business in particular fancies encountering a data breach mess. In the face of the Target breach, Neiman Marcus and all we hear about daily in the news, as a business owner, it is imperative that you take these steps mentioned below.
Whether you operate an online business or a huge conglomerate, take them seriously.
You may think that your business isn’t one of the big guns therefore you don’t have anything to worry about. Think again. Small businesses are more vulnerable because they spend less on data protection and security.
Okay, what am I talking about? Here’s a hypothetical case study.
You are the owner of a brand new local bake shop. You accept credit cards. You use Square or PayPal Here with your iPad to process store transactions. It is easy to operate and pretty straightforward. Currently, you are the only worker in the store. However, you will hire an assistant next week. Thus far, business is booming. You are the talk of the town and everyone wants a piece of that special potato pie by Grandma Gillian.
Now that you are in business, how do you make sure that the personal data of all customers who use debit or credit cards to pay is secure including when you use that iPad?
- Don’t keep data longer than you have to. For example, if you own or manage a daycare facility and use a biometric fingerprint reader to check-in and check-out parents, once the parents no longer use your facility, get rid of the information from your system.
Although manufacturers of fingerprint readers state that info is encrypted and cannot be used for any other purpose, play it safe: have a set duration for how long personal data will be stored and get rid of information you no longer need.
- Take PCI Compliance seriously. This is important if you make direct credit or debit card transactions. Go through the regular renewal process and answer the questions correctly. If additional security measures need to be taken because of the nature of your payment processing area or location, take them.
In the (hopefully unlikely) event of a data breach, the pertinent question will be: “Which security measures did you put in place to prevent this from happening?”
- Make sure your employees (including those who work from home or are on the go) don’t connect via unsecured wi-fi.
- Be extra vigilant. Know who has access to whatever information.
- If you use an iPad for point-of-sale credit card transactions, then make sure it is not used for personal stuff that can introduce malware. Get a separate device for your personal use.
- Protect your smartphone. These days there are tons of apps for business use – from creating invoices to conducting transactions that involve the transmission of personal data.
This is very common among digital business owners who live on their smartphones and tablets. If for any reason that smartphone is stolen or lost, it becomes an open sesame for intruders.
Again, don’t keep information longer than necessary.
I am not making you paranoid but they say truth is bitter and this one has to be told. Don’t compromise your client’s data because of procrastination or thinking you are invincible.
Do you know that the Target breach started with a hack into one of their contractor’s systems? This contractor was a small business (a HVAC company) that did business with Target.
A malware-laced phishing email was sent to its employees and one breach led to another and landed Target in hot water!
Regardless of your type of business: daycare, beauty supply store, non-profit, landscaping company, doctor’s office, etc ==> take these steps seriously to avoid unauthorized access to personal data which can lead to unwanted trouble.
For more ideas or steps you can take, California’s AG Kamala D. Harris introduced a nice document with simple steps that you can take to protect your small business from a data breach. Regardless of which state you reside in or conduct business, it will help your business stay secure.
Question: Are you a local business owner? Which small changes have you made that have increased customers’ trust especially in the face of recent data breaches?
Image courtesy of rgb
Belinda Enoma is an international speaker, Cyber Privacy and Security Consultant focusing on US-EU laws including the General Data Protection Regulation (GDPR). She is a renowned digital influencer, author, ordained pastor, host of iEmancipateMe Global Conferences and mentor to women who are life changers.