How to Protect Your Business From Data Breaches


In the wake of news that cyber thieves stole credit and debit card data from over 100 million Target shoppers, businesses owners across the country are wondering what they can do to prevent a data breach. In addition to burdening customers with the inconvenience of replacing credit and debit cards, companies that are hit by hackers often lose sales after a cyber attack. For example, Target reported that its sales dropped by roughly 5% after news of the data breach was released. Below are several steps your business can take to prevent a data breach from occurring.

Only Collect and Keep the Data Your Business Actually Needs

Many businesses keep voluminous records containing sensitive customer data. Regardless of whether the data is stored electronically or on paper, your company should take an inventory of the personal information that is potentially available to hackers or thieves. If any of this information is not essential to the operation of your business, it should be deleted or destroyed. Information that is stored electronically should be encrypted and your company should limit the number of employees who have access to sensitive customer data stored both on paper and electronically.

Draft and Implement a Privacy Policy

Many large businesses have privacy policies. (Here is Walmart’s privacy policy, for instance.) It is also a good idea for small and mid-sized business that store customer’s credit and debit card data to have privacy policies as well. Your company’s privacy policy may also discourage employees from writing down their passwords and encourage employees to use best practices to prevent laptops and other electronic devices containing data from being stolen. The privacy policy should be reviewed annually and updated whenever your business changes or upgrades its information management systems.

Hire Experts

If your company does not have its own IT department, consider hiring a outside firm to set up robust security measures for your company’s computer systems. Outside consulting firms can also be used to test the strength of your data protection programs and determine if your information technology systems have vulnerabilities that could be exploited by hackers.

Furthermore, business owners may want to consider supporting efforts by credit card companies to use chip-based cards instead of cards with magnetic strips that store personal information. According to the New York Times, many retailers, including Target, have resisted efforts to introduce chip-based cards because the companies would be required to invest in new credit card processing equipment. As reported by NPR, Visa and Mastercard are planning to use chips in the majority of U.S. cards by October 2015.

If your company becomes the victim of a cyber attack, it is important that you act quickly to report the breach to the police and inform your customers who may have been affected. But when it comes to data breaches, Ben Franklin’s observation that “an ounce of prevention is worth a pound of cure” rings true.

Image via Shutterstock

About the Author

Greg Coleman

Greg Coleman is the founder and Managing Partner of Greg Coleman Law, located in Knoxville, Tennessee. Mr. Coleman represents individuals in complex class action lawsuits involving defective consumer products and dangerous prescription drugs.

comments powered by Disqus