Are you Protecting your Clients' Personal Information from a Cyber Attack?

The first step you might want to take when it comes to your business is auditing your current data security practices and creating a plan for how you'd proceed should a breach happen. According to the Federal Trade Commission, a sound data security plan has five key principles:
- TAKE STOCK. Know what personal information you have in your files and on your computers.
- SCALE DOWN. Keep only what you need for your business.
- LOCK IT. Protect the information that you keep.
- PITCH IT. Properly dispose of what you no longer need.
- PLAN AHEAD. Create a plan to respond to security incidents.
The U.S. Small Business Administration also has a great deal of helpful information on cybersecurity, including a list of "Top Ten Cybersecurity Tips."
At a minimum, here are some things you should be doing right now to protect your clients' personal data:
1. Only store sensitive client data on a computer with an internet connection if it is absolutely essential for conducting your business.
2. Use strong passwords. Passwords should be long, with a mix of letters, numbers, and characters.
3. Change your passwords regularly.
4. Be sure to use an up-to-date anti-malware program on your computer. If you’re worried about cost, you needn’t be. There are free software programs available, as well as inexpensive midrange options.
5. Use a firewall to protect your computer from hacker attacks. A firewall is software or hardware designed to block hackers from accessing your computer. A properly configured firewall makes it tougher for hackers to locate your computer and get into your programs and files. Prices can vary, but there are highly rated options that can be purchased for as low as $39.99 a year.
6. Make sure you are using Transport Layer Security (TLS) encryption to protect the financial or other sensitive information you transmit or receive. On June 30, 2018, TLS 1.2 will be the standard to use; if you aren't using it, you'll be putting your clients' data at risk. If you use an e-commerce platform, you'll want to make sure you're compliant. For those of you using WooCommerce, here is info on checking your compliance.
There are numerous free resources out there to help you get up to speed on the topic of cybersecurity. Here are a few of the best ones:
- Start with Security: www.ftc.gov/startwithsecurity
- Small Business Administration: www.sba.gov/cybersecurity
- Better Business Bureau: www.bbb.org/cybersecurity
- United States Computer Emergency Readiness Team (US-CERT): www.us-cert.gov
- OnGuard Online: www.ftc.gov/OnGuardOnline