According to the Ponemon Institute’s 2017 State of Cybersecurity in Small & Medium-Sized Businesses report, the percentage of small businesses that have experienced a cyber-attack in the past 12 months has risen from 55% in 2016 to 61% in 2017. Another study saw a 20.5% increase in attempted cyber-attacks between November and December of 2016.
This information should make it clear that your online security should be a business priority. As online shopping ramps up for the holiday season, changes may need to be made to protect your businesses’ data, as well as the data of your customers. Here are 8 tips to follow so that you and your business can stay safe all year round!
Only Collect Data You Need
The best way to keep data out of the hands of hackers is to not have any of that data in the first place. When collecting data from customers, only collect what you really need and only keep it for as long as you need it. Any data you do collect should be stored on a secure server or other secure device or space and should be frequently cleared when the information becomes unnecessary to conduct business.
Use Outside Providers for Credit Card Information
It is best to avoid collecting and storing customer credit card information on your own servers or devices. Instead, use a third-party system like Square or PayPal. These companies have the advanced security measures in place to keep your customer data safe. As an added benefit, it may give your customers peace of mind to know you are using a secure system with a great reputation.
Use SSL on Pages that Collect Customer Information
Use SSL certificates on checkout pages, signup pages, and customer login pages. An SSL certificate can secure the connections from those pages to a browser and prevent attackers from stealing passwords and credit card info. Customers can see you have these certificates because the URL starts with “https”. Showing the customer that you are prioritizing their security can go a long way to making them feel safe shopping on your site. If you don’t have these systems in place, customers might not trust your site enough to make a purchase.
Encrypt Everything
Always encrypt your passwords and other sensitive information as a precaution, in case the data falls into the wrong hands. If you store customer data on your computer, consider encrypting your hard disk. This way, even if your laptop is stolen or misplaced, customer data won’t be compromised.
Always Update your Software
Delaying software updates can put your system at risk. These updates often include fixes for bugs and other issues that could leave you vulnerable. Be diligent with updating to the latest version of every software or program you use. This is especially important for your shopping cart or credit card purchasing applications. By continuing to update your processes to the latest and greatest, you can help ensure your customer data is protected.
Review Your Internal Practices
Make sure everyone on your team has access to only the data they need. If employees keep data on their computers, consider restricting them from bringing the device home. Employees that do work with sensitive data should also be educated on best practices for storing and disposing of that data. Also, the use of strong and secure passwords should be required on any company accounts. If you aren’t sure where to start, working with a cybersecurity consultant can help you implement these processes.
Require Customers to Use Strong Passwords
When customers create accounts on your site, require that passwords contain certain characters or be a certain length. By making efforts to educate and remind your customers to prioritize their own online security, you can help protect your site as well. You can also consider adding two-step verification for consumer accounts for extra protection.
Be Diligent
Though it can be difficult to make the time to stay updated on your online security, it is paramount for the protection of you and your customers. Have regular checks and balances in place to make sure no data has been compromised. If you don’t have enough bandwidth to employ a full-time security expert, consider outsourcing. The investment up front will be much lower than the cost of paying ransom to a cyber attacker, or the cost of lost customers who won’t return after their data is compromised.