To avoid this, businesses need to be extra careful with how they handle and store customer data. This isn’t always an easy task, though. To help highlight some approaches that work, we asked the experts of Young Entrepreneur Council the following:
What are some good customer data habits companies should have in place in order to limit the amount of damage a hack can do?
Here is what they advise:
- Collect only the data you need There is a common sentiment that more data is good. But the reality is that for the vast majority of businesses, you don’t need to collect detailed personal data about customers, because you probably won’t use it. Unless you have a large technical team with security experts or can pay top dollar for top solutions, the easiest way to prevent a painful hack is to limit the data you collect. – Aaron Schwartz, Passport
- Change your passwords often If you’re still using the same password for everything and haven’t changed it since 2007, that’s a problem, especially if you keep the same practices for your business. It’s essential to change passwords often to prevent hackers from getting access to private customer data and information. Choose something you know you can remember that’s difficult to figure out. – Chris Christoff, MonsterInsights
- Limit login attempts If you want to keep customer data safe from hackers, limiting the login attempts of each user can help block brute force attacks and keep your website secure. It’s also a good idea to make a backup version of your website to ensure that if something does go wrong, you can stop the hackers in their tracks while still keeping your customers’ data safe. – Syed Balkhi, WPBeginner
- Have a ‘kill switch’ If your IT team notices a hack or a leak, the best way for them to mitigate the damage at that exact point in time is to have a kill switch. This is a worst-case scenario, nuclear option: Shut down all access to servers, take down websites for maintenance, and put everything on hold until you can resolve the issue. – Bryce Welker, Crush The CPA Exam
- Choose a secure web host Make sure to choose a secure web host. Not all web hosts will value your business security equally. So, when shopping around for a web host, make sure to research and ask questions about their level of security. Also, if security is a concern, you might not want to use a shared hosting account, rather, go with a private server account. It’ll be more expensive, but it will also be more secure. – Stephanie Wells, Formidable Forms
- Implement a password management system A password management system is a good way to share passwords within the organization without having to copy/paste and risk security. You can use a system like OnePassword or LastPass to help you manage everyone’s login. This will also help your employees create more difficult passwords, decreasing the likelihood of hacks, while not having to remember each individual password. – Jared Atchison, WPForms
- Don’t store credit card information The biggest damage of call comes from hackers getting your customers’ credit card information. This is easily avoided for most companies by using third-party payment processors who manage all the credit card details. Use platforms like Stripe, Paypal, Square, etc. to receive payments and issue refunds. Let their platforms manage that data for you so you don’t have that risk. – Andy Karuza, FenSens
- Create automated backups Decentralize server functions and build redundancy along with creating automated backups. Having an array of backup servers that can be hot-swapped in and out at a moments notice can help mitigate downtime. Also having some form of infrastructure monitoring or intelligence software installed can help with the early detection of potential issues. – Jordan Edelson, Appetizer Mobile LLC
- Hold monthly meetings on cyber security It’s important to make sure your team is consistently aware of current best practices for handling data, and the potential risks that are happening today. Having a monthly meeting or even a mandatory webinar will allow you to keep the team up to date and emphasize the importance of maintaining these information practices. – Nicole Munoz, Nicole Munoz Consulting
- Limit employee access Ask yourself, who needs access to this piece of data to help the customer? In my experience, I’ve found that access to company records and data is many times too wide open to employees who don’t even need it. Yet most attacks will likely come in via an employee; they are your weakest link. By ensuring accesses are as limited as possible, a potential breach is limited in scope. Always evaluate. – Michael Averto, ChannelApe
- Allow for guest checkouts You can limit the amount of information a customer provides by allowing them to check out as a guest. This feature will give the wary customer peace of mind by not forcing them to sign up with all of their personal information, and allow you to collect just what you need to complete the sale. – Blair Williams, MemberPress