With the General Data Protection Regulation (GDPR), which will be in full swing by May of 2018, and the high-profile ransomware cases that have victimized big companies like HBO and Uber, to say that data security is important is quite the understatement. And as millions of cyber threats endanger the security environments of businesses big and small everywhere, how can businesses keep their data protected? Here are some tips on how SMBs can protect customer data properly.
1. Have a strong security provider
Today’s threats aren’t even fazed by simple antivirus software. To make matters worse, some malware even propagates through antivirus updates (called a DoubleAgent attack)! Hence, having a strong security provider is absolutely integral. Do your research and find out which one works best for your company. Don’t know which one to get? You can find recommendations in third-party cybersecurity guidance from NSS Labs or Gartner Technology Research.
2. Be wary of collecting customer data.
The more data you have about your customers, the riskier it is for your company and for them. So before you ask your customers to fill out a lengthy form, online or otherwise, with fields that are unnecessary for business operations, assess your forms and overhaul them if necessary. If you find yourself having too much personally identifiable information (PII) in your hands, delete it. Do routine checks on which employees have access
3. Have a cyber-informed, cyber-secure team
No matter how high-end your security solutions are, if your employees remain uneducated about how important cybersecurity is, there’s a large chance of a customer data breach. All employees, especially those who handle customer data, must be educated on how to proactively protect customer data and on making sure that the security products your company has are being used properly.
It is recommended that employees undergo a cybersecurity refresher course at least on a quarterly basis, or whenever there’s a big cyber threat in the news that directly affects the industry you’re in. Establish a strict cybersecurity protocol that’s easy for employees of all levels to understand and remember. For example, if you’re a clinic, it’s a no-no for anyone to send patient files to doctors’ personal email addresses so they can check them at home.
4. Don’t think you’re not a target.
It’s not just big enterprises that are targeted by cybercriminal activity. Small businesses get affected the most, with 22 percent of them being hit by ransomware attacks to the point of ceasing operations completely. So don’t think that you’re under the radar; you might very well be at the center of it.
5. Keep safe and back it up
One of the easiest, most important tips is oftentimes neglected, especially by SMBs everywhere. SMBs should have regular backup days in a month, on which important data is backed up to different devices. So even if your files get encrypted by nasty ransomware (hopefully not, but it does happen), you have your important files on separate devices that you can easily retrieve.