November 7, 2015
More and more, our modern businesses are driven by Big Data and customer information. We gather demographics about our customers, hold their payment information to make their next purchase simpler, and keep their passwords on file so they can access their website again. This makes our jobs of serving our customers easier, but also makes our businesses more tempting targets for hackers and targeted identity theft.
Millions of people become victims of identity theft in the United States every year, racking up $50 billion in losses. If your company is the reason that someone's information is stolen, you will lose customers, sales, and potentially your business.
While it may seem like identity theft is something that only bigger companies need to worry about, smaller companies often have less robust data security and are much more likely to be targeted. In 2012, a yarn and knitting pattern company, Knitpicks, was breached, exposing thousands of customers' information. Because the company did not notify customers promptly, many of them only found out about the breach when they discovered fraudulent charges on their cards. So as a company, what can you do to protect your customer information?
Keep Your Antivirus and Malware Protection Updated
If you are computer savvy enough to make sure all updates are installed and working properly, it is cost-efficient to purchase quality antivirus software and make sure that it's installed on all the machines in your network. You need to keep a close eye on updates, and make sure that they're installed and updated on schedule.
If you aren't comfortable managing that for your business, you can either contract with a local IT person to manage updates and service on a regular basis, or use one of the many online companies that can remotely handle IT needs.
Don't Store Information You Don't Need
In the heyday of Big Data, it seems like you should keep all the information about your customers that you can store, from the name of their great grandmother to the last five websites they visited before yours. But in reality, the more information you store, the juicier target you are, and the more you potentially have to lose.
Store only the information you have a purpose for. Get rid of the rest. After all, any information you don’t keep can’t be stolen in the event of a large breach.
Know Your Responsibilities
If you discover that any part of your system has been breached at all, the most important step you can take is to follow the reporting requirements in your state. If you're not sure what those are, you can review your state's laws at the National Conference of State Legislature. If you're not sure what to do after reviewing the state laws, contact your local chamber of commerce to ask for advice on your next step.
Losing customer information is a huge problem, but it isn’t necessarily a disaster. In the Knitpicks example cited above, the company never actually notified customers that there had been a breach. Customers realized something was up when there was a huge wash of knitting friends reporting identity fraud all at the same time in online communities. Knitpicks was identified as a common thread, and evidence of the breach was found on a state website. The company, however, responded to requests for comment by shutting down their Facebook page and eventually making a statement on their blog, which was later deleted.
If a company loses customer data, it's important that it reacts quickly to reestablish trust and empathy with its customers. It should release a plan as to how it will protect customers from identity theft (and put that plan into practice!) and work with customers to undo any damage that might have been done to their credit or finances.
Has your company ever needed to respond to a security breach? What was the most helpful thing you learned?
Did you like this article?
Get more delivered to your inbox just like it!
Sorry about that. Try these articles instead!