As a business owner, protecting sensitive customer data should be your top priority. Without the proper safeguards and protocols in place, you not only risk losing your customers’ trust and business, but potentially incurring serious penalties.
With the New Year comes the opportunity to revisit and strengthen your security protocols around customer and corporate data. Toward that end, here are three practices to avoid in 2016 if you want to remain in good standing with your customers and protect your business against fraud.
1. Failure to have a security plan in place to protect customer data
Whenever customers do business with your company, they usually entrust some degree of personal information to you. It rests on you, as the business owner, to protect this information. The potential consequences of failing to do so – identity theft, penalties and fees, and damage to your relationship with customers – are devastating to your business. As such, it’s essential that you have a comprehensive security plan in place, one that should include frequent risk assessment, as well as oversight and responses to new developments, according to the Federal Trade Commission. A robust security policy must address all the operations of your business, including employee training and management, procedures for information processing, storage and disposal, and contingency planning to guard against and respond to security breaches.
2. Failure to put a fraud prevention plan in place
Equally important to a strong security plan is a strong fraud prevention plan. Your business’ very livelihood is at risk without such a plan. Your fraud prevention plan should follow three key steps. First, it should ensure that anti-fraud practices are followed and that there is a means for detecting fraud. Second, there should be written procedures which explain work processes for important areas. And finally, there should be a system of checks and balances which assigns employees specific responsibilities and encourages them to be vested in the security of your business.
Written procedures are especially effective for strengthening internal consistency and adherence to anti-fraud policies, and they should exist for the following areas:
- Cash and receivables accounting. Strong cash and receivables accounting policies instruct employees on how to detect bad checks, counterfeit currency and stolen credit cards.
- Critical data and corporate information. By scheduling regular and mandatory document shredding of employee information and corporate data, you can reduce the likelihood of information being stolen.
- Policy for Internet, email, laptops, cell phones and storage devices. Create a written policy for laptops, cell phones, and storage devices that will help lessen the chances of company and customer data getting into the wrong hands.
3. Weak employee password policies
Another mistake many businesses make is failing to have a strong employee password policy. Reusing credentials or having a weak password is always a bad idea, whether it’s employees using the same passwords for their Facebook, Gmail and banking accounts, or employees choosing passwords that are too simple and easily guessed.
Having a lax policy opens up the risk that your company and its customers could be infected. Accordingly, it’s vital that your business makes it a point to enforce a strong password policy, which should require that employees come up with long, complex and unique passwords, explains CSO.com, a leading authority on security and risk management.
In the New Year, make sure you take the steps to safeguard your sensitive data and that of your customers. Institute an anti-fraud policy, develop a strong password policy for your employees, and create a security plan. These are three of the easiest, and most cost-effective, ways to safeguard against malicious data breaches.