The recent Equifax hack in the United States shone a spotlight on the dangers of sharing any data with a company. Equifax, after all, is a huge business tasked with keeping hundreds of millions of clients’ most personal information. And somehow they still managed to get hacked. The long-term consequences are yet to be seen, but it’s estimated that half the population of the US is now at risk of identity theft.
If people weren’t afraid of sharing personal information before, they are now. While much of the fallout from the Equifax hack has focused on the American company’s incompetent and corrupt response, we all know that it could have happened to a ‘better’ company.
Of course, this means that it could happen to you too. As a small business, you have to work extra hard to gain a client’s trust. Many people expect big companies to have better security protocols, and are therefore reluctant to share information with smaller companies.
So, where do you start? Without a doubt, you’ve got to have solid internal security systems. Your staff needs to know how to create a password that is actually secure, as well as learn what they can and cannot share.
Then you’ve got to go about building a secure reputation among your clients.
1. Have a strong, transparent privacy policy
A privacy policy is both for your sake and the clients’. It reminds you of your responsibilities and commitments, and shows clients not only that you care about their safety, but that you are accountable if anything happens to their information. The privacy policy should be transparent as well. It should detail the lengths you are going to in order to protect your clients’ data, as well as what you can and cannot do with it.
2. Collect as little info as possible
If you don’t need certain information, don’t ask for it. While it may be useful to have identification information on file for future use, it is better to collect it only when you need it. Instead of using personal information for customer identification, use usernames and passwords.
3. Scan all new devices
It’s a hassle, I know. But before plugging any device into your network – even a brand new USB – scan it.
4. Keep it internal
By now, we should all be well aware of the risks of sharing company and client information over personal emails or texts (think Hillary Clinton, Bell Pottinger, etc.). Make sure your staff knows not to share any information outside of your company’s network. Even if it’s not illegal, it is a risk you don’t have to take.
5. Train your employees on new risks
New security risks pop up all the time, and all it takes to be compromised is one employee making a mistake. Any new employee should be educated on security protocols and the possible risks, such as phishing, malware, etc. Whenever you become aware of a new risk, be sure to update your employees and train them to protect themselves against it.