Data security problems keep multiplying. According to Paula Biewer, Fond du Lac, an independent associate with Prepaid Legal Fees, “In 2005, the website at www.privacyrights.org listed six pages of security problems. Today,” she explained to me, “it has over 100 pages, and ID theft is the number one complaint.”
The two biggest culprits, especially with small businesses, are indifference (not my problem) and ignorance (I don’t see a problem).
These days, neither argument is good enough. Under new rules that took effect on November 1, you could be liable for security breaches at your business. Above that, it just makes good business sense to provide quality security for your customers.
The irony is that most security errors can be easily avoided. Many consultants I’ve talked to pointed out that most breaches were the result of mundane mistakes and oversights.
What to do: Most security issues are basic and require little effort to address. Here is what you need to do now and some ideas on how to do it.
- Remember that most emails are not secure. Never send credit card and other sensitive info via email.
- Create a credit policy. It should include how data is collected, handled, stored and disposed of.
- Be careful if you create a do-it-yourself website. You and your customers could be at risk if you build in credit card payment options that do not comply with DSS (Data Security Standards).
- Train your employees about how to handle secure information. Make them aware of how to protect data.
- Conceal sensitive information. Example: Do not include your customers’ entire credit card number and expiration number on receipts.
- Store information properly. Do not leave paperwork lying out on the open on desks. “You wouldn’t leave a pile of cash on your desk,” says Biewer, “but people leave sensitive and valuable information lying around all the time.”
- Do not store credit card numbers or other sensitive information on your web server. This makes it vulnerable to hackers.
- Monitor all transactions for fraud. This often requires little more than verifying signatures and checking a second piece of identification.
Just as you would not leave your doors unlocked overnight or leave your own credit card sitting out in the open, accept that you must be ever and always vigilant against hackers and other data thieves. It’s not just the law these days. It’s also good business sense.
(A version of this article first appeared in the October 2008 edition of NEW North B2B Magazine.)
Popularity: 4% [?]