A data breach is the loss, theft, accidental release or publication of personally identifiable information, including Social Security numbers, bank account numbers, credit or debit card numbers, driver’s license numbers, patient history or medications.
As a small business owner, do you believe that only large companies are being targeted and are at risk for data breach? If so, you may be surprised to learn that small businesses are increasingly at risk for data theft. The Verizon 2013 Data Breach Investigation Report indicated that companies with fewer than 100 employees comprised 31% of data breach incidents in 2012.
What can you do to minimize the risk to your company?
1) Secure sensitive customer, patient, and employee data
How? By keeping all paper files and removable storage devices locked up in a cabinet or drawer. Restrict access to sensitive information to those who need to know it in order to perform their job.
2) Properly dispose of sensitive data
Shred documents containing sensitive information prior to recycling. Remove all data from computers and data storage devices prior to disposing of computers. For more information check out http://www.cnet.com/news/the-right-way-to-destroy-an-old-hard-drive/.
3) Use password protection
Password-protect all business computers, including all laptops and smartphones, as well as access to your networks and accounts. Require that all employees have unique user names and strong passwords that are updated quarterly.
4) Control physical access to business computers
Create user accounts for each employee to prevent unauthorized use. Limit network access on any computer stations in public spaces such as reception areas.
5) Encrypt data
Install encryption on all laptops, mobile devices, and flash drives, and encrypt emails that contain sensitive information. Encryption helps protect the privacy and security of files while they are being transmitted and while they are on the computer.
6) Secure access to the network
Enable your operating system firewall or purchase reputable firewall software. Be very wary of free firewall software, which may actually contain “scareware” that can infect and compromise your network. Allow remote access to your network only in a secure manner, such as through a Virtual Private Network (VPN).
7) Protect against viruses and malware
Install and use antivirus and anti-spyware software on all business computers. Train employees not to open email attachments or downloads unless they are from a trusted source.
8) Keep software and operating systems up to date
Install all security, operating system, antivirus software, and web browser updates as soon as they become available. These software “patches” address known or discovered security vulnerabilities.
9) Verify the security controls of third parties that have access to your data
Before working with third parties that will have access to your data or computer systems, or that will manage your security functions, make sure their data protection practices meet your requirements and that you have the right to audit them. Not only do you have the obligation to keep your business and customer data secure, but if a breach occurs, even if it is on their watch, your company could still be held liable. This means that besides paying fines, penalties and judgments, you will likely be required to take all the necessary steps towards recovery, such as notifying customers and monitoring victims’ credit.
10) Train employees on company security practices
Make sure employees understand the company’s data protection practices and their importance. Document the company’s policies, procedures and practices, distribute them, and provide any necessary training.
Call and ask Sandy about Data Breach insurance to protect your business. This can typically be added to your Business Liability insurance.