10 Jul How Safe Is Your Customer Data From Theft?
It seems like we can’t go a month without hearing about a new cyber attack on a big company. Although the motives might be different, the end result is usually the same: private information about customers gets leaked to the public. In this post we examine data security risks and what you can do to ensure your confidential data is kept safe.
If you run a business in this day and age, I’m guessing you aren’t keeping your customer information in a giant Rolodex or even locked away in a filing cabinet. You and the rest of your company are more likely using client database software to store your customer data.
And why not? It’s easier, it’s more efficient, and it just flat out makes sense. You don’t use a phone book to look up public numbers anymore, and probably haven’t for a long time. Everything is digital and more convenient, easier to access. That ease of access is where issues can start to form, however. Quite frankly, if it’s easier for you to access information, it’s most likely easier for everybody else to access it too.
And that is a big problem.
The Scale Of Data Breaches
According to a study conducted by antivirus company McAfee, security breach awareness is growing – but despite this, the number of breaches continues to grow as well. When 1,400 IT professionals at companies located in the US, UK, France, Germany, and Australia were polled, 60% of them said they had experienced a data breach in the past year. Of those who did not experience a data breach, a mere 6% were absolutely sure their company had not fallen victim in the past two years.
It seems like everyone is potentially at risk: from mega corporations like Target, to hospitals, small businesses and everything in between.
The potential harm of cyber attacks on your company database could be devastating. Immediate issues would be the loss of credibility with your clients as well as monetary damages. In 2014, the cost of small business cyber attacks jumped up to $27,288 AUD per attack.
Analysing Risk and Protection
So you’ve probably got a few big questions: how does everyone else protect their data? How big is the risk to your customer data? What can you do to make sure it is safe?
The first question is the trickiest to answer, because there is no sure-fire way to stop a cyber attack. Aside from the precautionary methods which we’ll get into in just a second, many organisations set up a “trap.” The idea is to expose holes in security on purpose before they get uncovered by accident. This is by no means a foolproof method, though. These systems are created specifically to lure attackers and are not accurate representations of real scenarios.
The other two questions go hand in hand. There are ways you can check the security of your customer data as well as make it more safe, and you don’t necessarily have to be an IT professional.
7 Key Security Risk Questions
Start by asking yourself these questions:
- Do you have digital copiers in your office? Traces of sensitive information are left everywhere, including the copy machine. They contain hard drives that store information about documents that it copies, prints, scans, faxes, or emails, particularly high risk are faxes and scans. Data can be stolen if the hard drive is removed or even potentially accessed by remote access. Ideally, your copier will have security features and will enable you to overwrite the hard drive: do this at least once a month.
- How do you move data? Are employees emailing it back and forth? Are they printing it out and taking it home? Can they access the customer database from home, or from mobile devices? Chances are their home network will not be as secure as the one in your office, so it might not be the best idea to allow staff to access sensitive information from just anywhere.
- How strong are your passwords? It might sound simple, but people still haven’t learned to use better passwords. According to antivirus maker Norton, the top five passwords are still “123456,” “12345,” “123456789,” “password” and “iloveyou.” Some people don’t even change from the default password! This is one of the easiest ways for data to be stolen, yet one of the easiest to fix.
- Are you using encryption? Encryption makes it so only you or your intended recipient can read your data. There is a step by step guide to encrypting on the PC World website.
- How are you handling disposal? When your computers get outdated, don’t just toss them in the garbage. Use software wipe programs to clear the hard drive of any information that you wouldn’t want recovered by hackers. Simply deleting something from the Recycle Bin on your computer might not be enough to remove it for good.
- Are you keeping unnecessary data? How much information do you really need about your clients? Do you need to keep copies of their credit cards on file, or do you just need a name, business, and phone number? The more unnecessary data you keep, the more attractive it can be to potential hackers.
- Is your staff properly trained? If they are using their own laptop to access important data, simply losing it would open the door to somebody stealing your client list, which is why using work-only computers is preferable. Either way, employees need to be trained to avoid phishing scams and social engineering techniques to avoid giving away passwords and company details.
Like we said before, niche, industry or size of company doesn’t matter, recent company data breaches include – Amazon-based shoe company Zappos who gave up 24 million accounts and Domino’s Pizza in France and Belgium who gave up 592,000 customer records…and their customer’s favourite pizza toppings!
Running a business is hard enough without having to deal with cyber criminals, so ask yourself and your company these questions. Make sure your company is on the same page when it comes to cyber security, and take all the precautions you can to increase your safety and that of your clients.
Here at Red Rock Software we take data security very seriously. Talk to us today about how we can help improve the efficiency and security of your client database.
