When you operate an online business that accepts credit cards, you’ve got a significant responsibility in ensuring the safety of your customers’ personal data. Many folks think that it’s just the big-time businesses that are at risk of being hacked into and having data stolen. Nay, nay, my good friend. Smaller businesses are normally more likely targets because of their less sophisticated systems. If you’re a hacker, where is your time going to be best spent? Trying to get into highly secure sites, or a site that employs few or no security measures?
Protecting your customers’ data starts with you being alert, informed and cautious. As part of these three components, you’ll want to follow these six key strategies while your customers’ data is in your possession:
1. Storing Data
In your business, you likely have two methods of storing your customers’ data: online and via hard copy.
For hard copies, it’s pretty simple. Keep the data locked in a cabinet that’s in a locked room or storage facility. Limit access to yourself and high-ranking, trusted employees only.
For electronic copies, be sure they are stored in a password-protected area and that the computer they are stored on has the latest in firewall protection.
2. Get rid of data properly
When it’s time to get rid of hard copy data, you can shred it yourself, or depending on how much shredding needs to take place, you can call a company to come in and do this for you. Be sure they are bonded and have security measures in place to protect the data. It’s best to have the data shredded on site so you can monitor the destruction of the data.
With electronic data, be sure to format the hard drives of any computer equipment you are selling or otherwise getting rid of. Deleting the files isn’t enough. There is also a software program available at killdisk.com that will delete files permanently from your hard drive.
3. Add in additional layers of security
Be sure you take the following steps on all of your business-related computers:
a. Install antivirus software and be sure to keep it up to date.
b. Back up your data regularly.
c. Conduct routine security checks.
d. Use encryption tools to encode your customers’ information.
e. Ensure that you’ve got firewalls installed and updated on all of your machines.
f. Be sure to keep an inventory of all your files.
g. Lock up all hard copy data.
h. Devise and implement a security policy for your web site and for your company in general.
i. Use a virtual private network anytime you are sending information over a wireless connection.
4. Implement a notification policy
While you are taking preventative measures against data theft, you’ll also want to set up a plan for dealing with the worst – an actual theft. In addition to your privacy policy, consider adding an internal policy that describes how you will deal with any type of security breach. As part of this policy, be sure to include a process for notifying both your customers and the authorities.



