Pagoda Blog

Whether you’re a company of 5 or 500, protecting your customer data should be a top priority. Data breaches and ransomware attacks are growing in frequency and there seems to be no target too small for hackers. If you gather any information on your website or store customer data in an online database, you need to be implementing data privacy laws and best practices. People are increasingly wary of submitting personal data online so it’s important to take the necessary steps to ensure their privacy and protection. By taking the necessary precautions, you will not only protect your business from a catastrophic data breach and potential lawsuits, but you will also gain the trust of your customers. 

 

As a small business, there are a few basic steps you should take to protect your customer data. The following 6 steps will make your website more secure, reduce the risk of a data breach, and help guarantee to your customers that their personal information is safe with your business.  

 

1. Switch your domain to HTTPS

Regardless of the type of business you run or whether or not you’re collecting sensitive data on your website (this includes basic info like a name and email address), you should use HTTPS for your entire site. The reason for this is that an HTTP website doesn’t encrypt the information sent between your website and the user’s browser. This allows the internet service provider to harvest this information which includes clicks, searches, app downloads, and video streams. While at first glance this data harvesting may seem benign, it can reveal sensitive information about an individual, from health issues to financial status. Learn more about making the switch from HTTP to HTTPS in this Pagoda post. 

 

2. Only collect the data you need 

Often a newsletter sign-up form or contact form template includes a laundry list of personal data, from full name and email address to company name, size, and zip code. Sometimes it’s necessary to collect more detailed information about your customers, but asking for too much can both deter people from filling out your form and put their data at risk. Ask yourself, what will I be using this data for? Is it really necessary to require site visitors to provide a full name and zip code or do you really only need their first name so you can personalize your email campaigns? You may determine that a full name and zip code is necessary to help you best serve your customers, but often companies collect superfluous data that then puts their customers at unnecessary risk. 

 

3. Be selective when sharing data with a third party 

In March of this year, it was revealed that FEMA released unnecessary data of disaster victims with an outside contractor, exposing the information of approximately 2.3 million people who used the agency’s services. This recent incident underscores the importance of taking extra precautions when sharing your customers’ data with a third party. Facebook also shared the personal information of its users with a third party app, leading to the Cambridge Analytics data privacy scandal, affecting 87 million people. If you plan to share data with an outside contractor or third party app, thoroughly vet the company first to ensure you understand how they plan to use the data, what security measures they have in place to store it, and establish that they cannot sell or share that data with any other entity.  

 

4. Use trusted WordPress plugins 

WordPress plugins are a great way to increase the capabilities of your website and improve user experience. While most are perfectly safe, some plugins may infect your network with a virus or make your website more vulnerable to cyberattacks. Always do your research before downloading a new plugin onto your site. Read reviews and conduct a Google search with the plugin name in addition to the words “hacked,” “unsafe,” or “compromised.” The WPScan Vulnerability Database also keeps an updated list of all reported vulnerabilities for WordPress plugins. Fortunately, we have several simple tips to help you spot an unsafe WordPress plugin before you put your customers’ data at risk. 

 

5. Use two-factor authentication 

Two-factor authentication (2FA) requires two pieces of information to identify you and log you into an account. 2FA adds an extra layer of security between your company data (which includes customer data) and potential hackers. It’s a simple cybersecurity measure to implement across company accounts and makes it significantly harder for hackers to access your data. We further define 2FA, how it works, and the pros and cons of SMS, token-based, or app-based 2FA in this post. 

 

6. Train your team in cybersecurity 

A common mantra at Pagoda is “your company data is only as secure as your weakest link.” This refers to the level of cybersecurity knowledge held by your entire team. It’s simply not enough to have 24/7 IT support if your employees don’t know how to spot a phishing email or social engineering scam. One click on a malicious link can compromise your entire business and your customers’ data. This is why training your entire team on cybersecurity, from intern to CEO, is critical to protecting your data. Check out how we approach cybersecurity team training using KnowBe4 in this post: How to Strengthen Your Weakest Cybersecurity Link.  

 

You’re responsible for your customers’ data

When your customers share personal information with you, they’re trusting you to responsibly use and protect that data. Large-scale data breaches like the Target breach of 2013 that exposed the credit/debit card numbers and contact information of 110 million customers and the Uber breach of 2016 that exposed the personal information of 57 million Uber users and 600,000 drivers, are just two examples of how lax security measures can impact a company’s customer base. It’s important that you do everything in your power to prevent a situation that breaks that trust between you and your customers. Your website should act as both a marketing tool for your business and a secure vault for your customer data. It should be a top priority to ensure that every customer feels safe conducting business with you. After all, don’t you expect the same from other companies when you’re in the customer’s shoes?   

 

If you haven’t yet implemented the above steps for your business, get in touch with one of our IT specialists today. 

 

Related posts: 

 

What is GDPR and is Your Business in Compliance? 

WordPress Security Tips to Protect Your Website From Hackers

5 Virus Protection Tips Beyond Security Software

 

Want to get more posts like these once a month in your inbox? Sign up for the Pagoda newsletter and sharpen your technical skills, from cybersecurity to digital marketing.

 

 

Want IT to serve you better?

 

 

 

––––––––––––––––––––––––––––––––––––––––––––––––––––––––––

About Pagoda Technologies IT services

Based in Santa Cruz, California, Pagoda Technologies provides trusted IT support to businesses and IT departments throughout Silicon Valley, the San Francisco Bay Area and across the globe. To learn how Pagoda Technologies can help your business, email us at support@pagoda-tech.com to schedule a complimentary IT consultation.