[BreachExchange] Protecting Your Small-Business Customers

Audrey McNeil audrey at riskbasedsecurity.com
Mon Sep 26 19:27:04 EDT 2016


http://africabusiness.com/2016/09/25/protecting-your-small-business-customers/

Many entrepreneurs and small-business owners in Africa are reaping the
reward of the global tech and web-services booms, and have built strong
business models which they can apply locally… and some, even globally. But
as more and more of these small businesses are finding out, small
enterprises are increasingly being targeted by cybercriminals, too. How can
you protect your small-business customers and decrease your risk?

Protecting Your Customers on Social Media

It takes two seconds to share a happy customer’s testimonial. And engaging
with customers on social media has become the new standard of business,
promoting familiarity and conversation between a business and its clients.
But, in all cases, whenever a customer’s name or information appears on
your social media page you need to have their permission. Make it a rule of
thumb: even if you believe you have their implied consent, just ask.

Protect Your Customers’ Payment Information

If you work with a debit or credit card validation system, you’ve probably
already been assigned a level of risk for credit card fraud. Those with
high risk can typically only use high-risk credit card processors. Credit
card companies and payment card processors all protect themselves from
risk, and your small business can do the same thing!

To start, make certain that all third-party services and software companies
clearly outline how they help you protect client information. For
example, if you take payments over a website, ensure that your hosting
provider has malware and intrusion alerts, and a strong firewall system.

If you use in-person register software, or a smartphone adapter like
Square, ensure that you’re comprehensively familiar with how the system
stores card data, and who’s liable if anything happens. If you frequently
swipe customer cards, ensure that you never do so on a public network, and
always sign in to a password-protected network to make transactions.

Monitor for Malware and Other Cybercriminal Activity

If you operate a website, you should use a program that monitors for
malware or other problems. You should also run up-to-date anti-malware
software on any computer that accesses customer data. And you should set a
recurring monthly date to update that software as needed, to ensure that
it’s working properly and catching any bugs that other software might miss.
This will reduce your risk, helping protect your clients from discovery by
hackers exploiting weak habits on your computers.

Liability Insurance

If your business is in high-risk fields, or if you handle the payment
information of many individuals, consider opting for liability insurance.
Not only will this build protection for your business into your business
model, but it can also help your clients! In some fields, especially with
contracting, good liability insurance can even be a positive signal to
potential clients, many of whom will only work with contractors with strong
insurance coverage.

Destroy Sensitive Data With Care

Eventually, it becomes time to destroy documents you’ve accrued over the
year, shredding and disposing of papers. Make certain to shred documents,
rather than just trash them, and also use a computer-wiping program to
truly destroy digital copies and data. Often, deleted files can be
recovered by an enterprising, tech-minded individual, so employing a
program to help with wiping data is essential.

Have an Emergency Plan If All Else Fails

Even the best-laid plans have flaws, and one day your customers’ data might
be compromised. It’s important to have a plan in place before this happens,
so that you can respond quickly, efficiently, and ethically. Always contact
your clients to inform them of the breach, and work diligently to correct
the issue. Most clients will appreciate your transparency.