Cyber Monday should serve as a reminder to small and large retailers as thousands of transactions take place, personal and financial information trades hands, and business owners are left to care for that information.
Let's make Cyber Tuesday a day to review procedures for keeping customers' data secure.
"Unfortunately, some business owners have the notion, 'A data loss won't happen to me, so I don't have to worry bout it,' " says Neal Custer, owner of Custer Agency, a digital forensics and information security company in Boise. "But it only takes once to convince them they should have been proactive."
According to the Federal Communications Commission, theft of digital information has become the most commonly reported fraud, more common than physical theft. Even if you don't have the resources to hire a full-time security expert, every business has the responsibility to create a culture of cybersafety to enhance business and consumer relations.
"If it does happen to you it is much more expensive to correct," Custer says. "If you do something more preventative, you'll be better off."
BBB asks businesses to consider this:
1. Data Encryption - Assume cyberthieves will hack into your business system. Thieves can expertly determine your system's weaknesses. Protect information, computers and networks with firewall software that is updated and tested on a regular basis. Having the latest security software, Web browser and operating system can be the best defense against viruses, malware and other online threats.
2. Insider Threats - Internal employees can be a major cause of data breach. All personnel working for your company should have a background check performed. Lost or stolen technology, including laptops, hard drives or smartphones with confidential information, leads the list of small-business breaches. Employee mistakes also are a common cause. Train employees in security principles, including developing strong passwords and changing them every three months.
3. Have a Contingency Plan - When a data breach does occur, have a response plan in place. Make a list of contacts to notify first, including credit monitoring companies, lawyers and communication agents. The plan should identify who has access to certain information, how data is stored and how it is backed up. Early response can help control potential damage.
4. Insurance Coverage - Cybercrime presents a real risk. Contact a third-party insurance agent to create a plan to protect against cyberthreats.
5. Have Backups in Place - Regularly back up data on all computers at least weekly. Store information off-site or in the cloud. Critical data includes human resources files, accounts payable and other financial files.
6. Keep Security Information Private - Don't share information about your company's cybersecurity. Criminals can and will use any public information about a security system to get around it. Also, avoid promising consumers their information is absolutely safe with the company.
The Federal Communications Commission provides small businesses with a free step-by-step planning guide that helps companies create a cybersecurity plan to help protect against threats.