Data security is a big deal for business owners, and if you’re not already taking steps to improve yours, you’re missing the boat. Your customers are counting on you to protect the sensitive information they entrust to you when they make a purchase at your business. Fortunately, following a few commonsense tips will go a long way toward making sure that you’re keeping yourself and your customers safe.
What Kind of Data is Vulnerable?
The short – and terrifyingly unhelpful – answer to this question is that all data is potentially vulnerable and attractive to criminals. This makes an immediate case for collecting and storing as little data as possible from your customers – more on that in a bit. First, however, take stock of the personal data you are already collecting and make sure you thoroughly understand what happens to it when it enters your system. We’re talking about everything from customer names and account numbers to credit card data here, so be thorough. Consider keeping a log of the kinds of information that you collect on your customers, where it is stored within your business (including any software programs that have access to it), and who on your team is responsible for collecting and monitoring each piece.
Do You Really Need All That?
Now that you know the kinds of data you collect and store, consider whether you really need all of it to effectively meet your business goals. One of the most important pieces to address is how you’re handling and storing credit card information. Ideally, you shouldn’t be storing this kind of sensitive information at all. Your credit card processor or gateway, if they’re reputable, should be handling this data for you and keeping you out of scope of PCI compliance. If they’re not, it’s best to find someone who will. If you need a recurring billing solution, use tokenization to enable returning customers to easily and securely make payments. As for other information, like names, addresses, and phone numbers, make sure you’re keeping them in a secure database and limiting the users who have access to it with unique login credentials.
Make Sure You Trust Your People and Your Processes
As a business owner, you need to have full faith and confidence in every member of your team. One of the most overlooked aspects of a business security solution is the human element – people are fallible, even when they don’t mean to be. Make security training a part of your quarterly or annual training, and ensure your employees understand how to handle credit card transactions and other sensitive data.
Your procedures and technologies should also get frequent updates. Keep all computers, laptops, tablets, and smartphones up to date with the latest anti-virus and anti-malware protection, and ensure each is set to lock promptly when not in use. Lock sensitive paper files in a secure filing cabinet or fireproof safe and guard the keys carefully. Finally, make sure your physical office or store space is secure with solid locks on all doors and windows and an alarm system.
Review Your Networks Frequently
Even the best-protected computers are at risk of attack if the network they are connected to is compromised. Set up a strong firewall and ensure it is configured properly for the way your company does business and handles information. Consider hiring an IT consultant for this important step, as a poorly configured firewall is hardly better than none at all. If you use a VPN to access your network while offsite, invest in a good one that encrypts data securely. One commonly overlooked aspect of network security is remote access by software providers and IT consultants. If you’ve ever had a technical support professional remotely access your machine to fix a problem, that software is likely still on your computer and still making it vulnerable. Make sure to disable or uninstall remote access software once the work is completed. You can always reinstall it if you need it again later.
Know Your Partners and Vendors Well
This is definitely a lot to take in. If you’re feeling in over your head with all the things you need to do to protect your customers’ data, relax – there are industry experts who have devoted their whole lives to protecting this kind of information. Find a reputable credit card processor who will manage your data for you and take the stress off your shoulders. Do your homework before signing up with a credit card processor, however, as not all are qualified to do the job. Ask to see proof of their PCI compliance record and any audit reports they may have before signing on the dotted line. If you’re looking for a payments company that checks all these boxes, look no further than 360 Payments. Give us a call at 1-855-360-0360 or drop us a line on our website. We’d love to show you how we protect the security of our merchants and their customers.