Did you know that there has been an average of more than one reported data breach in the U.S. every single day for each of the last five years? And that’s only the reported data breaches. The number of unreported or undiscovered data breaches could be ten times, even one hundred times that number.
Those data breaches combined have exposed more than 4.2 billion records, and some studies have found that more than 80% of those breached records have included Social Security numbers.
And even the smallest breach on a small business can end up costing the business hundreds of thousands of dollars, not counting the cost of lawsuits and the long-term damage to customer trust and company reputation.
What we’ve learned from this endless litany of breaches is that most could have been avoided if the organizations that suffered the breaches simply took a little more care with the way they managed accessed to the data they control.
With that in mind, we’ve outlined 12 key steps to help you minimize the chance of a data breach.
- Recognize the risk and take it seriously. Sounds simple, but busy business owners often won’t admit that they are at risk and that they need to plan how they’re going to avoid it.
- Have a security plan. If you don’t write down your security rules and expectations, you can’t follow them. And neither can your employees. At the very least write down your Top 10 most important rules for protecting sensitive data and follow those rules relentlessly.
- Take privacy seriously. Privacy is a close cousin of security, and a lack of respect for privacy is often the first step towards a data breach.
- Identify the information that will get you in trouble, and focus on protecting that information. Losing your intellectual property or marketing plans can do your business harm, but nowhere near as much harm as losing sensitive customer data.
- Enlist all employees in the fight. Many, if not most, data breaches are as a result of mistakes or negligence by insiders like employees. The more aware and involved they are in security, the less chance of a breach.
- Enlist your partners too. Partners are another common cause of data breaches. When is the last time you did a security audit of the company you outsource your payroll to? Talk to your partners and make sure they understand what you expect from them.
- Try some tough love. For example, if so many breaches are as a result of an employee losing a laptop that just happened to have sensitive customer data on it, unprotected, to avoid such problems simply have a complete ban on storing any customer information on any laptops. Period.
- Don’t forget all those other devices. As more of your employees use devices like smartphones and tablets to do their job, and often bring their own unsecured devices into the workplace, it’s important you make sure that none of these devices turn into a back door for malware or other threats to sneak through.
- Think of security in layers. If you only have a single layer of security around your business, like malware protection, for example, your business will easily be breached if that one defense fails. Defense in depth means have lots or technical and administrative layers, from security technologies and scanning services to policies and employee training.
- Whenever possible, encrypt your data. One of those critical technical layers is data encryption that, if used properly, can protect your information no matter where it is – even on a lost laptop.
- Lock down your web site. It’s much easier for a hacker to break into your web site than into your business. And once inside they can spend weeks and maybe even months pilfering through your most valuable data and taking what they want.
- Review and update constantly. Hackers never stand still and neither should your security. New threats and risks emerge daily and your security has to keep up. In a small business, overall security needs to be reviewed at least once a quarter.
SiteLock helps more than 6 million websites from the possibility of a data breach. To get a free analysis on how we can help you call 855.378.6200.