Even the most cautious employee can get tripped up by ever-evolving scammers. Tools like spam filters and encryption can stop security risks before they're even encountered. — Getty Images/Westend61

A report from Hiscox, a small business insurer, found that cyber attacks cost small businesses over $8,000 annually. Attacks targeting small merchants often aim to access customer data such as names, Social Security numbers, and credit card or other account data. Not only are these attacks financially expensive, but they can cause further damage to a business’s reputation, stability, and growth potential.

The good news from the Hiscox report is that small business owners have gotten savvier about preventing cyber attacks. There’s still room for improvement, however. Here’s how to make sure you’ve implemented the strongest possible protection for your customer data.

Review what customer data you store

The Federal Trade Commission offers a five-point data security plan to help small merchants protect their customer data. The first step is to take stock of the customer information you currently store and where you store it.

“Inventory all computers, laptops, mobile devices, flash drives, disks, home computers, digital copiers, and other equipment to find out where your company stores sensitive data,” wrote the FTC. Note what information you store — such as names, physical addresses, email addresses, and billing information — in addition to where this information is kept.

Include your employees’ devices in this inventory. This might mean asking your team to turn over any personal devices they use for work, since customer data can be shared via email, direct message, or through your website. The goal of this step is to map out where customer data lives, the type of information you keep, and how this information flows to and from your business.


Only collect must-have information

A good rule of thumb for keeping customer data protected is to limit how much data you collect to begin with. If you don’t have a legitimate business need for a piece of sensitive personal information, don’t keep it.

“For example, don’t retain the account number and expiration date unless you have an essential business need to do so. Keeping this information—or keeping it longer than necessary—raises the risk that the information could be used to commit fraud or identity theft,” wrote the FTC.

If there’s any information you have been keeping that you no longer need, make sure you delete it responsibly. Data purging is the best way to get rid of sensitive customer data that you won’t use again. There are plenty of tools that can help you do this, such as HubSpot’s Operations Hub.
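The minimization and purging advice above, shown as an added Python example that is not from the article, the FTC, or any vendor mentioned here: the stored record never receives the full card number or expiration date, and a retention window (assumed to be 90 days for illustration) drives the purge. The sample checkout data is constructed.

```python
from dataclasses import dataclass
from datetime import date, timedelta

RETENTION_DAYS = 90  # assumed retention window for this illustration


@dataclass(frozen=True)
class StoredOrder:
    """Only the fields the business needs after the charge is authorized."""
    order_id: str
    customer_email: str
    card_last4: str  # enough to answer "which card?" in a support ticket
    order_date: date


def minimize_payment_record(raw: dict, order_date: date) -> StoredOrder:
    """Copy only must-have fields from a checkout into long-term storage.

    The full card number and the expiration date are deliberately not
    copied, so a breach of this store cannot expose them.
    """
    pan = raw["card_number"].replace(" ", "")
    if not (13 <= len(pan) <= 19 and pan.isdigit()):
        raise ValueError("card number has an unexpected format")
    return StoredOrder(
        order_id=raw["order_id"],
        customer_email=raw["customer_email"],
        card_last4=pan[-4:],
        order_date=order_date,
    )


def purge_expired(records: list, today: date,
                  retention_days: int = RETENTION_DAYS) -> list:
    """Drop every record older than the retention window."""
    cutoff = today - timedelta(days=retention_days)
    return [r for r in records if r.order_date >= cutoff]


# Constructed sample checkout; the values are not real card data.
SAMPLE_CHECKOUT = {
    "order_id": "A1",
    "customer_email": "customer@example.com",
    "card_number": "4242 4242 4242 4242",
    "expiration": "12/29",
}

if __name__ == "__main__":
    kept = minimize_payment_record(SAMPLE_CHECKOUT, date(2024, 1, 10))
    print(kept)
```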

Ensure your business is PCI-compliant

PCI DSS stands for Payment Card Industry Data Security Standard. The Payment Card Industry includes major credit card brands like Mastercard, Discover, American Express, and Visa. These credit card providers set security rules for any business that accepts their cards to protect customer credit and debit card data. If your business accepts any noncash payments, you may have to meet PCI DSS standards.

The goal of PCI compliance is to ensure that businesses that accept and utilize or store card information do so in a secure environment that protects cardholder information. There is a broad set of standards that merchants must meet; while PCI compliance can be resource-intensive, it’s one of the strongest strategies against hackers. Payment processors like Square and Clover can help you streamline the process.


Strive to prevent spam

As criminals become more sophisticated, it’s getting harder and harder for small businesses and their employees to spot and avoid potential spam. Phishing and ransomware attacks are among the most common cyber attacks against small businesses, and spam is a common way for criminals to perpetrate these types of attacks.

Implement strong spam filters to prevent scams from reaching their unwitting victims. There are many affordable (and even free) anti-spam filters for email. The FTC also has a guide on How To Get Less Spam in Your Email.

Encrypt your customer data

Finally, if you’re not doing so already, encrypt all sensitive customer information that you use, store, or send. Most laptops, smartphones, and tablets offer built-in encryption for the entire device. Enable this in your device settings for basic protection. You can also use encryption tools built into your operating system to encrypt individual files and folders. On Windows, right-click the file or folder, select "Properties," then "Advanced," and check "Encrypt contents to secure data."

Remember, encryption is just one layer of security. Combine it with other practices like strong passwords, access controls, and regular backups for optimal data protection.

CO— aims to bring you inspiration from leading respected experts. However, before making any business decision, you should consult a professional who can advise you based on your individual situation.
