BreachExchange mailing list archives

Small businesses need to worry about data security


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Wed, 22 Apr 2015 19:17:36 -0600

http://www.argusleader.com/story/news/business-journal/2015/04/21/insight-small-businesses-need-worry-data-security/26149135/

Regardless of what line of business you work in, the data security breaches
at Target, TJ Maxx, Home Depot and other major retailers have brought
credit card and other data security issues to the forefront of consumers'
minds. The ramifications associated with stolen consumer data include
monetary damages to customers as well as reputational damage to the
businesses.

The five-month-long Home Depot data breach alone led to the theft of nearly
60 million credit card numbers and other personal data, identifying gaping
holes in U.S. credit card and data security. A blow to a company's
reputation is costly, with merchants oftentimes paying millions to upgrade
security to win back customer confidence, and sometimes losing consumers
who decide to shop elsewhere.

Fortune 500 companies aren't the only ones that need to be concerned about
data security. Small businesses are becoming the new target as larger
companies beef up security. Security technologies, as great as they are,
cannot fully protect consumer data. Businesses need to evaluate data stored
on their network, how to control access to it and what to do in the event
of a breach.

Here are a few tips for protecting customer data:

•Beef up network and software security. Businesses should encrypt customer
data at the database level to prevent unauthorized users from accessing
account information. Refer to guidelines published by the PCI Security
Standards Council for credit card and user data. Consider deploying
anti-phishing software to help protect company email.

•Require high standards of security for vendors. They should have the same
data and security standards as your company if not better. If vendors store
your customer data, understand exactly how they are securing your
information and handling access to ensure that your data doesn't fall into
the wrong hands.

•Train employees. Well-trained staff members can be one of the best
defenses against attackers. Developing policies and procedures for data
security and providing regular training for employees who handle customer
data is critical. Consider adding a two-step data verification for workers
who access data off-site to ensure that the access is limited to them.

•Limit access to data. Employees, especially millennials, want access to
data at their fingertips; however, limiting access to sensitive customer
data can make a huge difference in preventing a loss of information. Only
those employees who need access to the data to complete their work should
be allowed access.

•Ask your lawyer. If a breach occurs, the company could be on the hook for
millions of dollars' worth of damages to customers. If a breach occurs, what
type of communication and notification will you provide to your customers?
Be sure to read and update disclaimers on your website, customer
documentation and vendor contacts often.

Following these tips can help prevent costly and embarrassing data breaches
from harming your customers, your business reputation and your bottom line.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 