We’ve been hearing a lot about data breaches lately. We know they can be accidental - like the loss of a laptop computer containing unencrypted files - they can also be deliberate, like a criminal hacking incident. Last week, BBB provided some preventive tips for consumers. This week, we’ll take a look at what businesses can do to prevent an attack and their customers’ sensitive information.
"Security is a major concern for businesses, especially when adopting new technologies involving business data", said Mechele Agbayani Mills, President and CEO of BBB Serving Central East Texas. "While there is no fail-safe guarantee that a data-breach will never occur, there are many ways companies can minimize their risk."
BBB provides the following basic guidelines to businesses to reduce their risk for a data breach:
· Keep current with security software updates. Keeping your software and operating systems up to date is your first line ofdefense against hackers.
· Restrict access to data. Not all employees need to have access to all aspects of your network. Grant employees access to data only on an “as needed” basis. Limit access in public areas as well, for example, many companies have separate Wi-Fi networks intheir reception or lobby areas.
· Don’t collect what you don’t need. Remember, thieves can't steal information you don't have. Destroy the information responsibly once its usefulness has expired.
· Conduct regular check-ups. Organize periodic risk assessments to determine if new procedures and rules are necessary.
· Don't rely on encryption as your only method of defense. Encryption is a security best practice, but, when used alone, it can give businesses a false sense of security. Although the majority of state statutes require notification only if a breach compromises unencrypted personal information, professionals can and do break encryption codes.
· It’s not just about IT. To eliminate threats throughout the organization, security must reach beyond the IT department. Evaluate strategiesin all departments, then establish and implement procedures to help make your company data breach resistant.
· Educate your employees. It’s important for employees to be trained about the proper handling and protection of sensitive data, particularly if employees telecommute or if they use portable devices such as laptops to access information. It’s also important for employees to be very discreet when discussing sensitive information with customers or clients where others can hear.
· Expect high standards from others. If your company has taken the necessary steps to minimize data breach risk, hold your vendors and partners to the same standards. Remember some third-party service providers may be required to maintain appropriate security measures in compliance with certain state and federal regulations.
· Retain a third-party. An evaluation performed by an objective, neutral party who specializes in corporate breach and data security may be well-worth the additional expense and provide peace of mind.
· Have a plan. A plan can help your company act quickly if a data breach does occur. Not only will this help prevent further data loss and possibly significant penalties, it can help maintain customer confidencein your company.
For more tips on how to be a savvy business owner, go to bbb.org. To report fraud or unscrupulous business practices, please call the BBB Hotline: (903)581-8373.