Most small business owners don’t spend a lot of time worrying about their data. While they might make sure to select secure passwords, they probably never give it a second thought unless money starts vanishing from accounts, or a website is taken down by hackers. If we give the idea any consideration, we expect that either our business wouldn’t make a good target, or that our bank would simply let us know if something looked off.
While banks certainly do their best to identify and fight identity theft, there are very good reasons to keep a close eye on your online data and to take steps to protect yourself, your customers, and your employees from both overt and more subtle attacks.
Thieves don’t always go after your accounts
An identity thief certainly might try to get direct access to your funds, but one who does so is most likely no longer concerned about being detected. An equal or greater danger exists when your data security is compromised by someone who doesn’t employ such obvious methods.
More sophisticated criminals can use payroll information to defraud employees and your business by claiming tax returns on real or bogus income on behalf of your employees. While the data-matching systems of Australia’s tax office and similar preventive mechanisms used by other governments are designed to detect these types of activities, criminals have been known to get away with this type of theft in the past. Further, the data captured by these criminals can then be used to victimize individual employees in their private spheres.
Information is often more valuable than simple cash. A hacker who manages to get into your systems might simply download sensitive data and install a keylogger to capture login information from employees. By doing so they can access even more sensitive data, which could include anything from trade secrets to the personal information of customers, suppliers, and employees. Moreover, since most people reuse the same passwords for multiple purposes, the captured data can, again, be used to further target employees in their private spheres.
Steps you can take
Identity thieves and fraudsters are constantly inventing new ways to commit crimes, which makes security largely a reactive and preventive enterprise. No system is ever fully safe, in large part because a large number of real humans need to use it, and they tend to get locked out by their own security measures. Making sure they can get back in inherently creates openings for less technological methods, such as social engineering.
To protect your data well, you’ll want to take steps to make your data more difficult to access, while also preemptively working to minimise the damage a hacker could do if they were to succeed.
1. Improve password protection
Don’t allow people to use personal passwords or any traditional password protection for email accounts or to access your business’ systems. Instead, use a single- or multi-factor authenticator. Two-factor authentication, for example, is very difficult to circumvent, and hackers wouldn’t simply be able to brute-force their way through such a system.
2. Keep proprietary information offline
Some information may be too sensitive to save in your systems in the first place. Family recipes, trade secrets, and other proprietary information that isn’t copyrighted, patented, or trademarked should be kept either in non-digital form, or on a computer that isn’t connected to the internet. Information that isn’t available to be found can’t readily be stolen.
3. Purge data periodically or archive it offline
It’s your responsibility to protect the data of your current and past customers to the best of your ability. An important way to do that is to purge old information regularly. Hackers have, in the past, stolen logged credit card information and personal data from millions of people at once by accessing years’ worth of customer data from poorly protected e-commerce stores. By removing old data, you can limit the scope of the damage and more easily address problems after the fact if necessary.
4. Encrypt your hard drives
One simple way to get around security measures is to take a low-tech approach and simply steal a laptop or a hard drive physically. While your online data might be properly protected, your computer is probably only protected by a simple password that can be cracked relatively easily. To keep a thief from reading your data, it needs to be properly encrypted.
Taking proper precautions to keep your business’ data safe is a critical part of protecting your customers, your employees, and your own business. Moreover, doing this well is critical to earning and upholding the trust of the people your business interacts with.