5 Suggestions for Preventing Security Breaches

Following the recent Target data hack, now is a good time to evaluate your business’ data security.  For instance, there are some troubling statistics on how data breaches affect small businesses.  Did you know that 71% of security breaches target small businesses?[1]  And unfortunately, 70% of small firms that experience a data breach go out of business within one year.[2]  Most small business owners don’t take the threat of data security breaches seriously.  However, Lynn LaGram, assistant vice president of small commercial underwriting at The Hartford, says, “As cybercriminals set their sights on smaller firms, it is important for business owners to take proactive measures to protect data and minimize the likelihood of a breach.”[3]  Some suggestions:

Encrypt Data.  According to a recent study, 60% of businesses that had security breaches didn’t encrypt their data.[4]  Make sure your data is encrypted but don’t rely on that alone.  Although encryption is useful, it isn’t fail-proof. 

Hire a Pro.  An objective third-party security firm can provide you with an unbiased take on where the risks lie and what data security measures you need to follow.

Ask Only for What You Need.  Don’t collect information from consumers that you don’t require.  And reduce the number of places where your data is stored.  While you’ll always want to have a backup, you don’t want to increase risk by storing additional copies that aren’t necessary.[5]

Don’t Forget Your Employees.  While less common, data breaches also occur internally by employees, either accidentally or deliberately.  For this reason, employees should be on a need-to-know basis.  If they don’t require access to confidential information, it should be restricted.  Additionally, it’s a good idea to offer security training and to evaluate how employees are logging in remotely. [6]   

Screen Your Vendors.  Make sure that your vendors use best practices for managing confidential data.  Vendors who have access to your customer base’s confidential information should have systems and policies in place to avoid breaches.  If a vendor has a security breach, your customers will still hold your business accountable.  This is what happened to Target which, “found that hackers stole credentials from a vendor to access [its] systems and pilfer about 40 million debit and credit card numbers…”[7]