Companies have good reasons to fear data breaches.
Whether it’s a single hacker targeting Twitter accounts with a phishing scheme or an orchestrated attack on a major U.S. retailer, sometimes it feels like I read about a new data breach every day.
Retailer Target revamped its security this month after it was revealed that hackers stole credit card numbers and other personal data from millions of customers last year, an incident that saw the company’s chief information officer resign. The banks who issued the compromised credit and debit cards had to spend millions of dollars replacing them.
Beyond the hit to customers and banks, this kind of hack puts the company at risk of losing the trust of investors and the public. While data hacking can hurt anyone, it’s a particularly big threat to any company that stores sensitive information about health, finances and security. A breach could also open up those companies to costly lawsuits and damage control initiatives.
What can we do about it?
I meet a lot of clients in my IT services business concerned about data breaches. While small businesses aren’t necessarily high-priority targets for big-scale hackers, it’s always a good idea to exercise caution.
Here are four ways small businesses and individuals can prevent data breaches and mitigate loss:
1. Actively protect and back up your data
It’s not enough to build an IT security policy once and be done with it. As a small business, you need to be constantly assessing and testing your security defences, updating software and being proactive against a potential breach. Regularly remind employees — who are more and more likely these days to use their own devices and web accounts at the office — of your company’s IT security protocol.
As well, take the time to actively back up your data in a second location in case you do get hacked. If you store data in-house, consider storing a second set with a reliable cloud service provider in case the original location’s security is compromised.
2. Two-step verification
Consider implementing a two-step verification process in your IT system. The process requires the user trying to access a computer or account to identify themselves twice via two different means. Google, for example, will ask users for their account passwords as well as a code sent via text, voice app or mobile app if they try to log in from an unfamiliar computer or device.
ATMs use a two-step verification process. A thief may get his hands on a debit card, but he can’t use it to withdraw cash without the PIN. Two-step verification is often an optional security feature on many cloud programs. I highly recommend enabling it.
3. Consider using fake information while online
Create a secondary email address to use when signing up for email lists or free resources on the web. Many of these resources ask you to supply your personal information. Unless it’s your bank or another secure site, there’s no reason to hand over your real information. If the site asks you for your mother’s maiden name, make up a new one. Same thing goes for details like your address and phone numbers.
4. Be smart about it
Don’t create the same usernames and passwords for all of your accounts, even if you think it makes your life easier. Some great apps, like 1Password, will store your different passwords for you.
If your bank or even a client doesn’t normally communicate with you via email and sends you a request for sensitive information, don’t hesitate to give them a call to verify the request. Think before you click. If you’re worried about the security of your business, call an expert.