Business Responsibility & Data Breaches
The Importance Of Businesses Protecting Consumers’ Data
Revised February 7, 2019
Originally Published November 8, 2017
The last 18 months have seen many major businesses like Equifax, Facebook, Google, Yahoo, Verizon and others appear in Congressional hearings to discuss the responsibility of ALL businesses to take reasonable steps to protect consumers’ data.
Small businesses should NOT ignore these hearings, nor write them off as Congress only going after the big boys.
The responsibilities that Congress is holding these Wall Street companies to will ultimately be required of Main Street businesses.
Small mom-and-pops and other businesses on Main Street MUST pay attention and follow these requirements as well!
Nearly EVERY business, whether small or Fortune 500, has a website collecting consumer data today.
How This Affects Main Street
Data responsibility affects EVERYONE; how a business handles its customers’ information (even if it’s only name, address, email, phone, and date of birth for loyalty reward purposes) is of paramount importance.
In today’s world, that’s enough information for thieves, hackers, and those with malicious intent to wreak havoc on a consumer’s online profile and, in some instances, commit identity theft (despite not having the Social Security number).
Congress is bent, and rightfully so, on holding businesses accountable and responsible for the consumer data they collect, store, disseminate, or in these cases, allow to be stolen due to breaches of their systems.
Even if the information the business collects is readily identifiable data, and while criminal prosecution with intent may be difficult, there’s still the potential of criminal negligence.
At the very least, there’s the melee of negative press that will surround the company for allowing the breach, and failing to properly secure its data, network, and sensitive information.
Basic Best-Practices To Implement NOW!
The following are some minimal steps to take to understand the risks, and secure the company’s systems as best as possible.
There’s no 100% secure option anytime there’s a connection to the internet and world communications.
However, the following will greatly reduce and minimize the risk, thus showing the initiative of implementing best-practices:
1. Training & Awareness
- Understanding and recognizing the data collected, how it should be handled & protected, as well as what impact it may have if stolen is a necessary first step.
- Limit the sharing of sensitive information by properly instructing employees and users on proper protocols and the dissemination of information.
- Follow today’s best practices for user security and password standards, thus making it more difficult to break into a secure system.
2. Handling & Encryption
- It’s important to understand the best practices in handling and storing consumer data, especially by using secure encryption technologies when dealing with sensitive information.
- Go beyond making sure network data is transmitted securely, and protect the data where it is stored with proper security, encryption, and hashing best practices.
- If the data is encrypted, then even if it’s stolen it may still be useless if the hackers cannot break the encryption.
3. System Monitoring & Vulnerability Assessments
- Make sure proper systems are in place to monitor user access, as well as potential system vulnerabilities that may lead to a breach of data.
- It’s a company’s responsibility to be aware of all system accesses, points of entry, and potential vulnerabilities.
- Regularly run vulnerability tests to confirm overall system health and security.
- Overall monitoring can detect and prevent intrusions from unwanted sources that can result in security or data breaches.
4. Updates & Patch Management
- Keeping current systems and software up to date with the latest patches and software updates is of paramount importance to overall system security and avoiding breaches.
- Any security update or patch should be installed immediately upon notification to avoid prolonged risk exposure.
5. Content Filtering
- Content filtering allows companies to secure company assets and networks against malicious software (malware) and potential hackers attempting access.
- Failure to use proper content filtering can result in users inadvertently downloading malicious files that can disable and override security systems in place, thus creating a security breach.
6. Emergency Response Plan
- Have in place a strategic plan for dealing with theft, hacks, or security breaches.
- Be sure to have an emergency backup plan with secure and reliable backups in place, secured separately for recovery efforts when needed.
The above-noted suggestions are a bare minimum for today's businesses concerned about following best practices and securing consumers' data to avoid theft, negative press coverage, and inconvenience.