There’s good reason the global cyber security market is forecast to climb to $80 billion by 2017. Within the last month, there have been at least three high-profile victims (Epsilon, TripAdvisor, and the Texas Comptroller’s Office) of a sensitive data breach. Whether it’s a stolen laptop, server breach, or improper paper document disposal, what’s the biggest lesson we’ve learned from these incidents? Don’t let your brand be tarnished by a preventable hack.
Here are eight ways to think about how you treat your customers’ data — so your business doesn’t end up in the headlines, too. (Note: Some of these solutions can be pricey.)
1) Use a dedicated server. To save money, many small businesses use a shared server to host their files. Not only does this mean that many different sites, programs, and scripts are being run on the same machine, but other individuals — besides your company’s employees — have access to your server. This means your website may be more vulnerable simply because of another site’s weak security. Cyber security is no longer a luxury, but a necessity. While it’s considerably more expensive, using a dedicated server can significantly reduce the chance of your site being hacked by an outside party.
2) Encrypt data. Keeping sensitive records unencrypted is always a risk. Data files kept and information sent via the internet through an improperly secured channel are an open door to a cyber thief.
3) Utilize a website malware monitoring service. If your website gets hacked, you might not even know it until it’s too late. Sites like HackAlert and Dasient protect your website and visitors from malware. They’ll also notify you if your site has been compromised or infected with malicious code. Symantec Endpoint Protection is another option, which is geared toward centrally managed corporate servers and workstations.
4) Restrict access to personal information. As part of your company’s records management policy, people who have “no need to know” should not have access to sensitive customer files, whether paper or electronic. Keep sensitive files in a centralized location — under lock and key. For employees who need to access the corporate network while traveling or working from home, ensure their laptop offers secure VPN access.
5) Shred sensitive paper documents. The Fair and Accurate Credit Transactions Act (FACTA) Disposal Rule requires businesses that possess consumer (or employee) information for a business purpose to properly dispose of the information. In other words, it’s the law to shred — or burn or pulverize — sensitive consumer data. Don’t let what happened to this Colorado dentist happen to you.
6) Use a wiping program. Hitting the “delete” button doesn’t permanently get rid of a file, and the above FACTA disposal rules apply to electronic media (hard drives, CDs, DVDs, floppy disks) as well as paper documents. Summit Hard Disk Scrubber, Active KillDisk, and Blancco are some of the available data erasure software programs that can permanently remove files from a hard drive. For free file erasing software, try Eraser, Freeraser, or File Shredder.
7) Use computer screen facial recognition software. PrivateEye, developed by Oculis Labs, is a new — and way cool — software application that uses facial recognition technology to protect your computer screen from “shoulder surfers”. Here’s how it works: As long as your employee is looking at his computer screen, the data is legible, but as soon as he looks away from the screen, the screen blurs, making it illegible to onlookers. For employees who work with sensitive customer electronic information, PrivateEye adds another layer of protection. Check out the video demonstration here.
8) Create a plan in case of a breach. This includes isolating the problem, notifying customers, and getting an IT security expert involved to fix the situation. Swift action may minimize detrimental consumer repercussions and can make a vast difference in the legal ramifications you face — as well as your corporate reputation.
For more helpful cyber security tips, visit the Intuit Online Security Center.