Home > Columns > CRM Columns

Data Breaches: What Business Owners and Shoppers Need to Know

By Lindsey Weiss  

Do you think about what happens to your data when you swipe your card at a coffee shop or enter your credit card number online? Or, if you’re a business owner, do you have a plan for protecting customer data, or assume you’re too small to be targeted by a data breach?

With cybercriminals expected to steal 33 billion records by 2023, data protection is something everyone should think about. Unfortunately, most of us don’t consider the security of our data until we’re affected by identity theft, ransomware, or another type of breach. Whether you’re a business owner or a consumer, here’s what you need to know about keeping your data safe.

Data Breaches and the Small Business Owner

Data breaches cost businesses an average of $225 per stolen record. That doesn’t sound like much — until you consider that the average data breach involves thousands of records.

Protecting customer data is good for a small business’s bottom line and its reputation, but despite the risks, small businesses aren’t doing enough to prevent data breaches: One in three small businesses haven’t taken any steps to stop a breach.

Even on a budget, business owners can implement basic cybersecurity measures including:  

• Securing WiFi networks.
• Installing firewall, antivirus, and antimalware software.
• Updating software on schedule.
• Using PCI-DSS compliant payment systems.
• Enforcing password policies and using multi-factor authentication.
• Wiping non-essential customer data.
• Protecting devices from theft or loss.
• Screening employees and contractors carefully to prevent insider threats.
• Educating employees on phishing scams.
• Routinely backing up data.  

Business owners also need to stay compliant with various state and federal privacy laws. All states have data breach notification laws that require business owners to notify authorities and customers in the event of a data breach. Some industries, including healthcare, have specific data protection laws that companies must follow. If you’re not sure about the laws that are specific to your industry, contact a lawyer.

When a breach does happen, the most important thing to do is contact tech support right away. These professionals will work quickly to recover your lost data and identify the source of the breach, whether it’s a phishing scam or other form of attack. If you don’t have in-house tech support, find qualified freelancers by searching through IT staffing agencies. By addressing the problem right away and hiring a company that specializes in recovering data, your business’s productivity won’t suffer greatly.

After identifying and containing the breach, the next step for small business owners is notifying customers. How you inform customers their data was exposed has a big impact on the future of your business, so don’t act hastily. Instead, work with a PR team to draft a message to customers, beef up your customer support staff, and consider offering a year of credit monitoring services to customers affected by the breach.

Data Breaches and Customers

Customers also have a role to play in protecting their data from cybercrime. In addition to using strong passwords and never using the same password twice, customers can protect their data while shopping online by only purchasing from sites with secure check-outs. To know if a website is secure, look for “https” (not “http”) in the URL and a lock icon in the address bar.

Shoppers should also avoid using debit cards when shopping, opting for credit cards instead, and avoid saving payment information for autofill. Credit cards offer greater consumer protection than debit cards and don’t put your bank account at risk.

Since businesses may fail to notice a data breach for months — if they discover it at all — consumers should also get into the habit of reviewing their credit report for any signs of fraudulent activity. Consumers are entitled to one free copy of their credit report from each of the three major credit reporting companies every year.

Cybercrime seems like a distant concern when you’re busy balancing your small business’s books or just living life. However, with an increasing number of small businesses getting hit by data breaches, you can’t afford to make cybersecurity an afterthought. Whether you own a small business or just shop at one, make sure you’re taking the right steps to protect your data. Even on a budget, business owners can implement basic cybersecurity measures including: Securing WiFi networks, Installing firewall, reliable antivirus, and antimalware software.