If you’re a business, you by definition hold sensitive information about your customers. At the very least, you know their physical and email addresses. But if you process payments through your site, and particularly if you handle recurring, subscription-type payments, you may also store financial information about your customers’ methods of payment.
We’ve all seen the numerous news articles about data breaches affecting major businesses. For small businesses, even more is at stake, because it’s much easier for a customer to decide to stop transacting with a small business after a data breach.
Here are some tips for better safeguarding customer info:
1. Figure out what info you have
Take an inventory of every type of information you store about your customers across all of your different systems. You’ll need to know this before you can think about safeguarding the data. This includes any third-party websites or partners you use and share data with.
2. Don’t store more than you have to
We live in a data-obsessed society right now, but as an operating business, the right choice may actually be to get rid of data you don’t need to be storing: extra information that serves no purpose, or any information on customers who haven’t been active for a certain period of time (say, 3 years).
3. Protect your website in general
At CanSpace Solutions, we run a number of processes to safeguard your site from the most common types of hacker attacks.
4. Add extra protection
We’ve written about adding extra security layers for your site for extra protection.
5. Train your staff on phishing and other attempts
With so many safeguards on your site itself, the most likely source of a breach is actually human error.
6. Follow encryption protocols for data stored on servers
Sensitive data that sits on your servers should be encrypted; you’ll want to look into a solution that makes sense for your setup.
7. Get an SSL for your site
At this point, an SSL certificate for an operating business is more of a must than an option.
8. Add extra customer authentication to your site
If you have customer accounts with logins, consider two-factor authentication using a phone number or an email code. That’s really the gold standard when it comes to security.
9. Come up with a plan in case a breach does happen
This doesn’t have to be very specific unless you’re a large corporation, but it would still be helpful to outline what the steps will be if you find out
If you have any questions about website security, don’t hesitate to contact us!