All businesses, big and small, are responsible for protecting the personal and corporate data of their client base. This data can include everything from names and addresses to Social Security numbers and credit card account information.
It’s not only good business sense to safeguard your customer data, it’s also a legal requirement. Federal statutes such as the Fair Credit Reporting Act (FCRA), which regulates how consumer report information must be handled and disposed of, and the data breach laws of the individual states carry stiff fines and other penalties for failing to adequately protect this information. To keep your client data safe and ensure your company is not sued, fined, or tarnished by a data breach, follow these helpful tips.
1. Restrict employee access to client data
Give access to the company computers, servers, and applications that hold sensitive customer data only to the team members who actually need it to do their jobs. The cleanest way to do this is with individual user accounts and role-based permissions, so that each person’s access can be granted, reviewed, and removed when they leave without affecting anyone else. Where a login genuinely has to be shared, use a password manager with team sharing, such as LastPass, rather than sending passwords by email or chat; the manager can grant a colleague use of a login without ever showing them the password itself.
Beyond electronic access, also limit physical access to computers, servers, and other devices that store such data. This can mean installing access controls, keeping hardware in secure off-site locations, and/or storing devices in locked rooms and cabinets when the office is not in use. Keep an up-to-date inventory of every device that stores client data so you can tell quickly if one has been stolen or misplaced, and encrypt portable devices such as laptops so that a lost device does not automatically become a data breach.
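As an added illustration of the “only those who need it” principle for a directory of client data on a POSIX server (this is example code written for this page, not anything the article or the firm supplies), the script below locks a directory down to its owner and one group and then audits the tree for anything still readable by everyone. The directory path and the group name are placeholders passed as arguments; the sample record it creates is constructed for the demo.

```sh
#!/bin/sh
# Added example: least-privilege file permissions for a client-data directory.
# Assumptions (not from the article): the data lives in the directory passed
# as $1 and the authorised staff are the members of the Unix group passed as $2.
set -eu

# Make $1 readable only by its owner and the group $2:
# directories 750 (owner rwx, group rx, others nothing), files 640 (owner rw, group r).
restrict_client_data() {
  dir=$1
  group=$2
  chgrp -R "$group" "$dir"
  find "$dir" -type d -exec chmod 750 {} +
  find "$dir" -type f -exec chmod 640 {} +
}

# Audit helper: print every path under $1 that is still readable by "others"
# (world-readable). Prints nothing when the tree is clean.
world_readable() {
  find "$1" -perm -004
}

# Portable permission string for one path, e.g. "drwxr-x---".
perm_string() {
  ls -ld "$1" | cut -c1-10
}

# Demo with constructed data: a temporary directory holding one world-readable file.
main() {
  tmp=$(mktemp -d)
  mkdir "$tmp/clients"
  printf 'Jane Doe,123-45-6789\n' > "$tmp/clients/records.csv"   # constructed sample row
  chmod 644 "$tmp/clients/records.csv"
  echo "before: $(perm_string "$tmp/clients/records.csv")"
  # Use the caller's own primary group here so the demo runs anywhere;
  # in production pass the real staff group instead.
  restrict_client_data "$tmp/clients" "$(id -gn)"
  echo "after:  $(perm_string "$tmp/clients/records.csv")"
  if [ -z "$(world_readable "$tmp/clients")" ]; then
    echo "no world-readable paths remain under $tmp/clients"
  else
    echo "WARNING: world-readable paths remain:"
    world_readable "$tmp/clients"
  fi
  rm -rf "$tmp"
}

main
```

Run the audit function on a schedule (for example from cron) and treat any output as a finding: a file that is world-readable is readable by every account on the machine, including a web server or a compromised low-privilege account, regardless of who is in the staff group.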
2. Install multiple layers of security
Anti-virus (endpoint protection) software, firewalls, intrusion detection and prevention systems, and similar tools should all be used to protect your company’s servers and computers. The point is not simply to pile up as many products as possible but to combine layers that cover different things (the network perimeter, the individual machine, the user’s email and browser), so that an attacker who gets past one control is stopped by the next. Opportunistic hackers tend to move on to an easier target when a network and its devices are well defended.
And don’t forget to regularly install updates and upgrades, not just to your security software but to operating systems, web browsers, and the applications on every machine, so you’ll be defended against the latest viruses and malware; turn on automatic updates wherever the software offers them. Regularly check your software vendors’ websites and the U.S. Computer Emergency Readiness Team’s (US-CERT) site to stay up-to-date on the latest threats, vulnerabilities, and patches.
3. Select the most secure web hosting service
Web hosts are businesses that host your website and data on their own off-site servers. These servers tend to be fairly large and may host hundreds, even thousands, of websites on the same machines. There are numerous web host businesses out there, but they come with varying levels of server-side protection, including things like physical security of the data center (access control and cameras), different types of anti-virus and anti-spyware systems, and hardware firewalls.
Be sure you select a web host that offers a high level of security, especially against attacks from other tenants of the same shared server: a hacker opens a cheap account with the host and then uses it to reach the files or databases of neighbouring websites on that machine. For enhanced protection, use a virtual private server (VPS), which gives your website its own virtual machine with its own operating system, so that other customers are separated from you by the hypervisor rather than by file permissions on one shared system.
For maximum protection, rent a dedicated server on which your website and data are maintained on their own separate physical machine. This option is pricey, but still a lot cheaper than getting fined and/or sued for a data breach.
4. Hire professional computer security experts
While your regular IT person may be able to offer you a basic level of protection, it may be best to hire a seasoned security professional to monitor your company’s servers and computer activity. These experts are specifically trained in the latest hacking techniques and other electronic infiltration methods, and can tell you which safeguards for your customer information actually matter for a business of your size.
However, these IT security professionals are quite expensive, so as your Creative Business Lawyer®, we’ll help you think through the risk and reward of hiring one and advise you on whether your company requires such an investment or not.
5. Notify clients when their data has been compromised
If your computers or servers are hacked and your data is compromised and/or stolen, contact your customers promptly to let them know. Not only will this allow clients to take steps to protect themselves, like closing their exposed accounts or alerting their financial institutions to be on the lookout for suspicious activity, but it’s also required by state data breach notification laws (and by federal rules in regulated industries), which set deadlines for giving notice. Because those deadlines start running once you discover the breach, decide in advance who will handle the notification and how.
As a business owner, you’ll need to stay apprised of the latest legal requirements for protecting your sensitive client data. As your Family Business Lawyer®, we can advise you on what safeguards you should have in place and how to implement them. And if you’re ever hacked, we’ll defend you in court against any lawsuits and/or penalties that might result. Contact us today to learn more.
This article is a service of Katie Charleston, a Family Business Lawyer®. We offer a complete spectrum of legal services for businesses and can help you make the wisest choices on how to deal with your business throughout life and in the event of your death. We also offer a LIFT Start-Up Session™ or a LIFT Audit for an ongoing business, which includes a review of all the legal, financial, and tax systems you need for your business. Call us today to schedule.