A data breach is a scary thing, and it can happen to anyone. Just recently a data breach at the Office of Personal Management exposed the personal data of an estimated 18 million, former, prospective and current federal employees. So if it can happen to the federal government, it can truly happen to anyone. But the steps you take today toward a robust data security system may help protect both you and your customers from big headaches down the road.
Humboldt Merchant Services has put together a list of steps you can take to help safeguard your data. Here are a few things to consider when putting together your security checklist:
- The experts at kroll.com say a big step toward protecting against a breech is to educate your employees about appropriate handling and protection of sensitive data. If your employees have laptops that contain sensitive information, make sure they know, and are following your business’ protocol in handling business equipment. Educating employees is one of the simplest ways to secure the biggest amount of data.
- If you don’t have the information anywhere on your computers, or at your business, then hackers can’t hack what’s not there. Here are a few tips you should keep in mind when planning to store data:
- Don't collect information that you don't need.
- Limit the number of ways you keep data.
- Grant employees access to sensitive data on an "as needed" basis and keep current records of who has access to the data while it is in your company's possession.
- Purge the data responsibly once the need for it has expired.
The Better Business Bureau has taken the time to put together a comprehensive clearinghouse on making data security simpler to understand and implement. Here are a few suggestions the BBB has for the small business owner:
Write it down. Create a standard operating procedure for your data security measures including checklists you have created, the security measures you are taking and an explanation of why these security measures make sense. Not only will this serve as a great resource for your employees, it will also serve as documentation that your company has taken a good faith effort to protect customer data.
Inventory your data. Inventory the type of data you collect, store and/or transmit. Inventory how you store your data and where you store your data for each type and format of customer information. Inventory how data is moved, who has access to it and how to keep it locked up physically and electronically. You may want to look into seeking outside sources that can help you identify possible holes in your system.
Set high standards. If anyone is going to have access to customer data, like partners and vendors, be sure they follow the same type of data security you're your business does. If a third party stores your customer’s data for you, learn how they do it, and what systems they are using and how they are handling access control.
To learn more about what else the Better Business Bureau says about data security, click here.