Tips to Keep Your Customers’ Data Safe
The number of cyber-attacks on businesses, large and small, is growing, and hackers’ ability to adapt quickly to new technologies makes it challenging to combat their attempts to compromise your system and steal information. Not only is your business’s information extremely important to keep secure, so is your customers’. The trust a customer puts in your business when they provide you with personal data or credit card information is invaluable. Without trust in your business’s ability to keep their information secure, customers would choose to buy those products or services elsewhere. Follow these important tips on keeping your and your customers’ data safe.
Use A Secure Server
Your server is the hub of data exchange for your business. Without a secure server, your entire network runs the risk of being hacked. Trust me, it’s better to be proactive about this than to wait until it’s too late. There are many steps you can take to improve your server’s security. None of these are “set it and forget it” solutions; you need a process to review all systems and ensure they are receiving the latest security patches.
- Keep your server up to date
- Keep your web apps up to date
- Use antivirus software
- Use a SPAM filter for your emails
- Train employees on basic security practices
- Use strong passwords
In addition to your business’ server, you want to make sure your website is hosted on a secure server because oftentimes, especially for ecommerce sites, your customers will be providing important information through your website. You can learn more on how to keep your website secure and what to consider when selecting a host for your website in our previous blog posts.
As a best practice, you should also segment your network so that web servers and eCommerce platforms are not on the same network as your users. Taking a zero trust approach to network security acknowledges that threats can often originate from within the network itself.
Keep Everything Updated
Updating your software is extremely important. Whether it be the various applications you use regularly, your website, or even the browser you use, updates are crucial to keeping your business secure. Some updates improve the usability of the software, but the majority of the time they involve an important update to the security of the software itself. These updates help you mitigate the risk of cyber-attacks and keep your information safe.
We often hear about encrypting data, but what exactly is it? Encryption can be done on data at rest, such as when you store a file, and data in transit, such as when you connect to a website. Encryption is the process of taking data and encoding it so that if the data is stolen or accessed by an unauthorized user, they won’t be able to read the information. Once encrypted, the data can only become readable again with the correct corresponding key to decrypt it. (You can find more in-depth information on encryption here.)
Encrypting your data improves its security and helps to keep personal, private, and important information safe in the event of it being accessed by an unauthorized person. The idea of data encryption may sound overwhelming, but don’t worry. You don’t have to do it yourself. There’s software available that can do the encrypting for you.
In the 2019 Verizon Data Breach Investigations Report, it was reported that the majority of successful hacking attempts result from stolen credentials. It’s been found that most passwords can be hacked in under 2 hours, and many people use the same password for multiple accounts. Your login credentials for your email, CRM, POS, bank account, social media, and more are the keys to your information and to the ability to make changes to whatever is associated with each account. You don’t want them to all be accessible with the same key. When creating strong passwords:
- Keep the passwords unique for each account
- Make the password long. Usually aim for 10-14 characters.
- Don’t use anything predictable, meaningful, or actual words. Make the password a random mixture of letters, numbers, and symbols.
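As an added example (not part of the original article), the Python sketch below audits a constructed set of account passwords against the three rules above: uniqueness, length, and unpredictability. The word list, function names, and sample accounts are assumptions made for illustration.

```python
import string
from collections import defaultdict

MIN_LENGTH = 10  # lower bound of the article's 10-14 character guidance
# Constructed sample word list; a real audit would load a larger dictionary.
COMMON_WORDS = {"password", "welcome", "summer", "admin", "qwerty", "letmein"}


def check_password(password):
    """Return the list of rules from the article that this password breaks."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    has_all_classes = (
        any(c.isalpha() for c in password)
        and any(c.isdigit() for c in password)
        and any(c in string.punctuation for c in password)
    )
    if not has_all_classes:
        problems.append("missing letters, numbers, or symbols")
    lowered = password.lower()
    if any(word in lowered for word in COMMON_WORDS):
        problems.append("contains a predictable word")
    return problems


def audit(credentials):
    """Map each account (name -> password) to its problems, including reuse."""
    accounts_by_password = defaultdict(list)
    for account, password in credentials.items():
        accounts_by_password[password].append(account)
    report = {}
    for account, password in credentials.items():
        problems = check_password(password)
        shared = [a for a in accounts_by_password[password] if a != account]
        if shared:
            problems.append("reused on: " + ", ".join(sorted(shared)))
        if problems:
            report[account] = problems
    return report


# Constructed sample inventory, not real credentials.
SAMPLE = {
    "email": "Summer2019!",
    "crm": "Summer2019!",
    "pos": "k3#Vq9",
    "bank": "t7$Lw2@xQ9!mZr",
}

if __name__ == "__main__":
    for account, problems in audit(SAMPLE).items():
        print(account, "->", "; ".join(problems))
```

Note that "Summer2019!" passes the length and character-mix checks yet still fails on predictability and reuse, which is why the rules need to be applied together.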
You can add another layer of security by using two-factor authentication. This often requires you to use your login credentials and verify the login from another registered device or email.
Payment Card Industry Data Security Standard, or PCI DSS
If your business accepts payments through debit or credit card, then this applies to you. PCI DSS is a set of security standards created to ensure that all businesses maintain a secure environment for processing card payments. This keeps your business, your customers, and card companies all safe. If you aren’t sure if your business is PCI DSS compliant, then you should make it a priority to become compliant. A list of FAQs and a guide to PCI compliance can be found here.
Use Vendors or Providers Who Prioritize Security
When searching for vendors for your business, such as a web host, payroll system, payment system, and more, you want to make sure they prioritize security and have strong security processes in place. Using an unsecured provider can put you and your customers’ data at risk. Before you select a provider for any of the services mentioned earlier, and others, ask them what their security standards are and make sure they meet or exceed your own.
Use these tips to mitigate the risk of your business’ or customers’ data being breached. This will help to build trust with your customers and help you to rest easy knowing you’re doing what you can to keep important information secure.