No matter how fancy your lobby, or how cute your stationery, the lifeblood of your business will always be your customers and clients. Those customers trust you with some of their most important information; information that could harm them if it were stolen. What are you doing to protect your clients’ digital information? How are you and your business keeping client data safe?
Last week, we talked about the updates to PIPEDA laws in Canada. These laws are in place to protect consumers – like your customers – from having their digital data stolen. As we discussed in the last blog post, any failure to follow these new rules and protect your client information can lead to hefty $100k fines per violation. Keeping your client data safe isn’t just in your clients’ best interest; it’s in your best interest.
Let’s talk about some ways to keep that data secure.
Web hosting companies (think GoDaddy) provide a place to host your website (check out the blog on web hosting if you want a more thorough explanation). The problem is, unless you ask, you will most likely be given shared hosting. This means your website shares a server, and often the same web server process and account permissions, with many other websites. If any one of those sites is compromised, or the server itself is, the attacker may be able to reach the files and databases of the other sites on the same machine (sometimes called cross-site contamination). Your clients’ data is then only as safe as the weakest site sharing that server.
To reduce that risk, talk to your provider about a dedicated server or a virtual private server (VPS). Both cost more, but because you don’t share an operating system and file system with other customers, a compromise of a neighbouring site doesn’t automatically become a compromise of yours. Isolation is not a substitute for the rest of this list, though: a VPS still needs patching and sensible passwords.
Add HTTPS:// to your web address
HTTPS encrypts the data travelling between your visitors’ browsers and your website, so contact forms, logins and payment details can’t be read or altered in transit. It does not protect data once it is stored on your server, so it is one layer, not the whole answer. Don’t know if you have this? Type your web address into the browser and hit enter. Is there a lock icon next to the address? Does it start with https:// or http://? If you see a “Not secure” warning, an unlocked icon, or only http://, the connection isn’t encrypted. You can find out more by reading the blog I wrote about https://, and how not having it might be scaring away customers.
Add layers of protection for your client data
Use a firewall, anti-virus software and anti-malware software. There are a lot of options, so you have to do your research. Here is a good comparison of different anti-virus software. AVG and Avast are good places to start if you find this whole decision frustrating, and they offer decent free versions. The key here is layers: no single product catches everything, so you want more than one control between an attacker and your data. Many attackers simply scan the internet looking for easy targets, and when a machine doesn’t give way quickly they move on. A firewall plus up-to-date anti-virus software won’t stop a determined attacker, but it will turn away most opportunistic ones.
Do upgrades immediately
You might be frustrated with software companies for not doing enough to protect you, but a large share of successful attacks use vulnerabilities for which a fix was already available and simply hadn’t been installed. When a vendor finds and fixes a vulnerability, it ships an update. But you actually have to install it. Keep all of your software up to date, and do it promptly rather than waiting for a more convenient time. This goes for all programs and all devices: operating systems, browsers, office software, the plugins on your website, phones and network equipment.
Have your IT department or IT specialist turn on automatic updates wherever possible, and have them show you what a genuine update prompt looks like. Fake “your software needs updating” pop-ups and emails are a common way of delivering malware, so knowing the real thing is part of staying safe.
Have secure passwords
The shorter and more predictable a password is, the easier it is to guess. Verizon’s 2017 Data Breach Investigations Report found that 81% of hacking-related breaches involved stolen or weak passwords. Yes, your staff may groan at password rules. But two rules matter most: every account gets its own password, and passwords are long (a passphrase of 14 or more characters beats a short jumble of symbols). The familiar requirements of one uppercase letter, one digit, one symbol and a forced change every 90 days are less useful than they look; current guidance from NIST (SP 800-63B) recommends screening new passwords against lists of known breached passwords and changing a password when there is reason to think it has been exposed, rather than on a calendar. Wherever an account offers two-factor authentication, turn it on. If staff have to write passwords down and lock them in a drawer, that is still safer than reusing weak ones. Better still, look into a password manager that stores all of your passwords securely (we like Keeper).
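To make the password rules above concrete, here is an added example (not code from the original post, and not Keeper’s or anyone else’s product code) of a password check in Python that follows the approach described: it rejects short passwords, passwords on a blocklist of known common or breached passwords, passwords containing the username or your company name, and obvious keyboard runs, instead of counting uppercase letters and symbols. The blocklist, the thresholds and the sample passwords are constructed for illustration; a real deployment would screen against a large breached-password list or a service built for that purpose.

```python
"""Password screening in the style recommended by NIST SP 800-63B.

Added illustration, not code from the original post or from any
password manager. The blocklist, thresholds and sample passwords
below are constructed for this example; a real deployment would use
a large breached-password list.
"""
import re
from typing import List, Sequence

MIN_LENGTH = 12          # length matters more than symbol variety
MAX_LENGTH = 128         # allow long passphrases; cap to avoid abuse
RUN_LENGTH = 4           # "1234" or "dcba" inside a password is a red flag

# Constructed blocklist of common / previously breached passwords.
BREACHED = {
    "password", "password1", "123456", "qwerty", "letmein",
    "welcome", "admin", "iloveyou", "summer2018", "changeme",
}


def _has_run(password: str, length: int = RUN_LENGTH) -> bool:
    """True if the password contains an ascending or descending run of
    consecutive characters such as 'abcd' or '4321' (case-insensitive)."""
    codes = [ord(c) for c in password.lower()]
    for i in range(len(codes) - length + 1):
        window = codes[i:i + length]
        steps = {window[j + 1] - window[j] for j in range(length - 1)}
        if steps == {1} or steps == {-1}:
            return True
    return False


def check_password(password: str, username: str = "",
                   context_words: Sequence[str] = ()) -> List[str]:
    """Return the list of policy violations; an empty list means accepted.

    context_words are the things an attacker tries first against a
    particular business: the company name, the product name, the town.
    """
    problems: List[str] = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if len(password) > MAX_LENGTH:
        problems.append(f"longer than {MAX_LENGTH} characters")

    lowered = password.lower()
    # Compare both the raw password and its letters-only form, so that
    # "Password2019!" is still caught as "password".
    letters_only = re.sub(r"[^a-z]", "", lowered)
    if lowered in BREACHED or letters_only in BREACHED:
        problems.append("matches a known common or breached password")

    if len(username) >= 3 and username.lower() in lowered:
        problems.append("contains the username")
    for word in context_words:
        if len(word) >= 3 and word.lower() in lowered:
            problems.append(f"contains the context word {word!r}")

    if re.search(r"(.)\1{3,}", password):
        problems.append("contains a character repeated four or more times")
    if _has_run(password):
        problems.append("contains a keyboard or alphabet run such as 1234 or abcd")
    return problems


if __name__ == "__main__":
    # Constructed sample inputs: (password, username, context words).
    samples = [
        ("correct horse battery staple", "", ()),
        ("Password2019!", "", ()),
        ("jsmith1234abcd", "jsmith", ()),
        ("Acme-Corp-aaaa-2020", "", ("acme",)),
    ]
    for pw, user, ctx in samples:
        verdict = check_password(pw, user, ctx)
        print(f"{pw!r}: {'OK' if not verdict else '; '.join(verdict)}")
```

Note what the check does not do: it never demands an uppercase letter or a symbol, so a long passphrase passes while “Password2019!” fails. The username and context-word checks matter because staff tend to reuse the company name and the current year, which is exactly what an attacker tries first.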
Limit user error
No matter how much you do to keep your client data safe, you have to account for human error. Email is the main way in: the latest Verizon Data Breach Investigations Report found that 66% of the malware linked to data breaches or ransomware was installed via email attachments. That means training your staff not to click links or open attachments in unexpected emails, and to confirm by another channel (a phone call, not a reply to the same email) whenever a message asks for a payment, a password or an urgent action. You also need to train them not to install software that hasn’t been approved by your IT expert, and not to plug outside USB keys or other devices into work computers. Sure, they might be annoyed at these rules, but they are critical to the safety of your client information. You’ll have to find other ways to make your staff happy. (Might I suggest office kittens?)
Look – we get it. This is overwhelming. You have so much to do already, and going through this list sounds exhausting. But it is important to remember what is at stake. The average cost of a data breach to Canadian companies in 2017 was $6.11 million, and it’s rising. You might think you are too small to be a target. However, in their 2018 Data Breach Investigations Report, Verizon found that 58% of breach victims were small businesses. On top of that, you have to stay PIPEDA compliant to keep the government off your back. Cybersecurity is one of the most important things on your to-do list, no matter how long that list is.
The good news is that we will do what we can to help you – and your customers – stay safe. If you don’t have a dedicated IT department, we’d love to be your off-site IT and cybersecurity experts!