Establishing and maintaining a strict data security policy should be at the top of your 2016 resolutions as you prepare your business for the new year.
The following are five data security tips for small businesses going into 2016:
1. Educate employees on safe practices
Although many of the data security issues you hear about are from external sources, internal attacks are happening more often than many companies realize. Whether they're malicious or accidental, internal data breaches are very common.
To maintain strong security, merchants must put a data security policy in place so that employees at all levels are educated about safe practices. Workers need to know what information should not be shared publicly, especially over the company's network. The policy should also include information and guidelines on password management, Internet usage, best practices for bring-your-own-device programs, and a procedure for reporting security incidents. With a detailed policy, businesses can better enforce data security precautions, monitor employee access, and find the source of potential hacks faster.
2. Be wary of phishing
While there are many forms of internal data breaches, phishing is becoming increasingly prevalent in the workplace. Hackers are finding more intelligent ways to infiltrate a company's network. One method includes targeting emails to employees and executives with believable content. Most often these correspondences include decoy documents or websites requiring worker credentials. As soon as an associate enters the information, hackers have substantial access to the business network, company records, and even customers' sensitive data. A recent study found 39 percent of workers polled opened a phishing email even though they suspected it could be fraudulent.
Businesses must be sure to add phishing education as part of their data security policy, ensuring all employees are better able to identify a fake email or at least know what steps to take if there is a message in question.
3. Encrypt all sensitive data
To protect sensitive cardholder information, merchants should ask their POS provider or payment processor about card data encryption. While some enterprises may have to purchase this capability as an add-on, the overall cost savings will be well worth the initial expense. Encryption masks sensitive cardholder data the moment it's swiped and throughout the transaction. Encryption offers merchants a variety of benefits, including a competitive edge over opponents who don't offer the feature. Furthermore, the PCI DSS strongly suggests the feature for the transmission of customer data.
4. Make sure networks are secure
Employees can use unprotected wireless networks in their personal lives, so they can do the same at work, right? Wrong. Companies of all shapes and sizes utilize wireless networks today for their business, but it's essential these access points are completely secure. Enterprises should password-protect their wireless internet systems and use WPA2 encryption to maintain data security.
Although securing these networks is crucial, businesses also need to educate users about how these connections should be used. Employees should only access and transmit company data when on the secure network. Networks that aren't password protected can be used for personal tasks, but workers should be aware of what information fits into that category. Any data that could be considered work-related should always be accessed and sent over a secure network.
5. Implement EMV readers
Many merchants are aware of the push toward EMV chip-enabled credit and debit cards to better guard against fraud. As consumers receive and begin using their issued EMV chip credit and debit cards, merchants should think about adopting EMV-enabled payment terminals to further protect customer data and reduce liability for certain cases of card-present fraud.
Small businesses should take the proper steps to maintain their data security in 2016. Secure networks, data encryption, and EMV acceptance are just a few ways merchants can help protect their company and customer records while avoiding non-compliance penalties and possible information breaches. With a strong data security policy and breach protection in place, enterprises can reduce the possibility of internal attacks and maintain consumer trust.