Does your company store private data about your customers and vendors, such as their passwords, credit card details, or social security numbers? If so, even a minor security breach could seriously damage your company’s reputation — and lead to lawsuits.
Take Zappos, for example. The online retailer, which is known for its stellar customer service, got hacked in January, and confidential customer information (including email addresses and passwords) was stolen. Many of Zappos’ 25 million customers were supportive, but one customer has already filed a class-action lawsuit against the company.
Small businesses often fare even worse: 70 percent of small firms that experience a major security breach go out of business within a year, according to a PricewaterhouseCoopers study cited by SmallBusinessComputing.com.
What can you do to prevent data theft? Try these five strategies.
- Invest in protection. Security-focused hardware, such as Cisco’s branch routers, can detect network intrusions before hackers have the chance to access your data. Norton Security and other anti-phishing software can detect and erase viruses. The best security measure of all, however, is investing in a consulting session with a network security firm to discuss your company’s vulnerabilities and how you can best protect them.
- Regulate employees’ use of work computers. Data breaches often occur when employees unknowingly download viruses, install unauthorized software, or transfer work files to their home computers. If your company uses Windows computers, you can use the Windows Registry to deauthorize USB and optical drives to prevent file transfers. (Consult an IT expert on how to do this.) Microsoft Outlook also automatically blocks the download of file types that it recognizes as potentially harmful. Additionally, check your employees’ password strength and ask them to change any weak ones.
- Encrypt your data. According to a recent survey conducted by the Ponemon Institute for Experian, 60 percent of companies that lost information to a data breach had not encrypted their data. To reduce the likelihood of a network security breach and to reduce your company’s liability in the case that one occurs, it’s important to encrypt your files. SecurityProNews, a newsletter for IT managers, features details on encryption programs available for different computer platforms.
- Screen your vendors closely. If you provide your vendors or any third-party services with access to confidential data, research their policies carefully to make sure that they comply with security best practices. Even if a vendor causes a data breach, customers are still likely to blame your company if they provided you with their information.
- Create a contract that protects you from liability in case of a security breach. Work with a law firm that specializes in internet issues to create a contract that can keep you out of hot water in case of data theft. The contract should detail your liability (if any) in various legal situations and cap the amount you can be forced to pay in remedies.