Does your business store your clients' credit card or other sensitive information? Do you accept order forms by fax, email or other insecure means?
Have you thought about the risks to your business' reputation if your clients' information were compromised by hackers?
On March 30th, the personal data of approximately 1.5 million credit cards in North America was compromised in the data breach at Global Payments Inc. Global Payments' stock dropped 9% that day. Additionally, VISA dropped Global Payments from its registry of approved providers that meet data security standards.
Information security is becoming an increasingly important part of operating a modern business, yet all too often it only hits the radar of business leaders after a compromise occurs.
It is important to note that under both federal and provincial privacy legislation, business owners face both civil and criminal liability when they do not adequately protect their customers' private information.
Here are a few steps you can take to help protect your business:
Create a Policy:
- Establish guidelines for the use of technology including the use of personal email at work.
- Set guidelines on what software may be installed, who is permitted to modify your computer systems & networks and what activities are acceptable for employees to engage in at work.
- Ensure the policy is written and that every employee reads, understands and signs the policy.
- Keep your system up to date, taking the time to deploy all updates and anti-virus software.
- Take inventory of all the data your business touches or stores that you wouldn’t want compromised.
- Evaluate who has access, where it's stored and how well protected it is.
- Once you've made your inventory, consider engaging a security professional who can help you protect this information adequately.
Avoid Storing Data:
- Don’t store data you don’t need to, especially credit card numbers!
- Work with your payment processor to offload the responsibility of storage onto the payment processor instead of your business.
If you conduct an inventory of data and find that you’re storing confidential information about your customers, consider whether you have the skills and experience to protect this information. A security audit is often very inexpensive.
It can save you considerable time and expense by avoiding a breach in the first place. According to the 2011 Data Breach Investigations Report, 96% of breaches were avoidable through simple or intermediate controls.
-Ryan Wilson, Chief Technology Officer