More of our information is online than ever before, and with big industry hacks becoming almost commonplace, information security is on everyone’s mind. If you want your customers to consider your company trustworthy, one thing you’ll need to do is have a plan for how to handle their information. After all, if customers find out that you were the source of a data breach, it may be impossible to regain their trust.
Here are some cost-effective tips to help keep your business and customer information secure that don’t require you to hire a complete IT department or create a whole new budget.
Don’t use default passwords or usernames
When you first buy a router or server, it comes preinstalled with a default username and password (often Admin/Password, although some companies use different defaults). This makes it easier for the customer to get started quickly, but if you never update this information, you’re leaving your company wide open to attacks and hacks.
When you install your server or other system, you’ll be given a chance to update the default username and password. Always do this, even if you change it to the same information you use for your email! Absolutely any change is better than no change.
Outsource payment processing
If you’re taking payments, you are required by law to keep your customers’ payment information behind several layers of security. Keeping up with the changing requirements for security as well as the changing technology behind the updates is a lot of work.
Many small companies find that outsourcing payment processing is about half as expensive as maintaining the proper secure environment themselves, according to the Wall Street Journal.
Make sensitive information Need To Know
Consider what information each employee needs to know, and make sure that your computer systems only give them access to that information. Your customer service representatives probably don’t need to know a customer’s credit card number, for example, but they might need to know the last four digits so that they can confirm the card when processing a return.
One of the first rules of security is to remove temptation. By restricting sensitive information, you make it harder for those who are looking for an opportunity to do something illegal, and make it much more likely that they’ll look for an easier target.
Sign up for automatic updates – and automate backups
From your operating system to your firewall and antivirus software (you do have firewall and antivirus software, right?), manufacturers regularly push out software updates that address bugs, identify new viruses or problems, and keep the software running properly.
Sign up to get these updates automatically to maintain the highest level of security at your business. While you’re at it, get your system set up for regular backups of changing files, and set up an automatic virus scan every day.
Keep usernames updated when people leave or change jobs in an organization
This seems obvious, but it’s overlooked far too often. When someone leaves an organization, their access to all systems needs to be removed promptly. When someone changes positions in an organization, they need different levels of access to servers, computers, and information.
When you have a dedicated IT person, this is often their responsibility, but if you don’t yet have an IT person for your company, make sure you’re keeping up with this. Disgruntled employees can be a huge liability for businesses, and unused accounts are ripe for hacking.
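One way to keep up with this without a dedicated IT person, as an added example that is not part of the original article: a short Python script that compares an exported account list against the current staff roster and flags accounts whose owner has left, accounts whose access no longer matches the owner's job, and accounts nobody has used recently. The column names, role-to-group mapping and 90-day threshold are assumptions, and the sample data is constructed.

```python
import csv
import io
from datetime import date

# Constructed sample data; in practice these would be exports from HR and
# from the system being audited. Column names are assumptions.
ROSTER_CSV = """username,role
alice,support
bob,finance
eve,support
"""
ACCOUNTS_CSV = """username,access_group,last_login
alice,support,2024-05-28
bob,support,2024-05-30
carol,finance,2024-01-10
dave-temp,support,2023-11-02
eve,support,2024-01-15
"""
# Hypothetical mapping of job role -> access groups that role may hold.
ALLOWED_GROUPS = {"support": {"support"}, "finance": {"finance"}}
STALE_AFTER_DAYS = 90             # assumed threshold for "unused"
SAMPLE_TODAY = date(2024, 6, 1)   # constructed audit date for the sample


def audit_accounts(roster_csv, accounts_csv, today):
    """Return a sorted list of (username, access_group, reason) findings."""
    roster = {r["username"]: r["role"]
              for r in csv.DictReader(io.StringIO(roster_csv))}
    findings = []
    for acct in csv.DictReader(io.StringIO(accounts_csv)):
        user, group = acct["username"], acct["access_group"]
        idle = (today - date.fromisoformat(acct["last_login"])).days
        if user not in roster:
            # Owner has left (or was never on the roster): remove access.
            findings.append((user, group, "no current employee"))
        elif group not in ALLOWED_GROUPS.get(roster[user], set()):
            # Owner changed jobs and kept access from the old position.
            findings.append((user, group, "access does not match role"))
        elif idle > STALE_AFTER_DAYS:
            findings.append((user, group, "unused for %d days" % idle))
    return sorted(findings)


if __name__ == "__main__":
    for user, group, reason in audit_accounts(ROSTER_CSV, ACCOUNTS_CSV,
                                              SAMPLE_TODAY):
        print(f"{user:10} {group:8} {reason}")
```

Running it on a schedule, for example monthly, fits the regular follow-up the article recommends.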
Every business that operates online – which, in our modern world, is basically every business – needs to have a plan for protecting information as part of its operating procedures. You should know what needs to happen, whose responsibility it is, and you should follow up regularly to make sure that everything is working as it should.
Too often, we let ourselves believe that IT is too complicated for “regular users,” and while it’s unreasonable to expect every business owner to know the intimate ins and outs of SQL and C++ and database processing, everyone can learn the basics of how to protect their customers’ information. After all, it makes you a better company, which should be your ultimate goal with everything you do.