5 Ways To Prevent A Target-Like Data Breach At Your Business

Hackers breaking into Target’s point-of-sale system and stealing 40 million customer debit and credit card numbers should serve as yet another warning to small businesses: You can’t take data security too lightly, and you shouldn’t assume a breach won’t happen at your business.

The Target incident shows how sophisticated hackers have become and how badly it can hurt a business if a breach occurs in a sensitive period such as the crucial holiday shopping season. Analysts say that Target could take a major financial hit to its 2013 holiday sales revenues, as well as longer-term consequences to its finances and reputation. Ken Perkins, a Morningstar analyst, told CNBC he wouldn't be surprised if fewer customers applied for Target's REDcards, the store-branded credit cards that can drive consumer loyalty.

Data breaches cost United States businesses an average $188 per record compromised, according to the Ponemon Institute’s 2013 Cost of a Data Breach Study. That means it could cost a business $188,000 if 1,000 records are stolen.

How can you prevent a breach at your business?

1. Conduct a risk assessment. Evaluate what kinds of sensitive information your company holds and which would be most sought after by cyber criminals, such as credit card numbers or Social Security numbers. Then prioritize to ensure the most vulnerable data is secure first.
2. Restrict employee access to sensitive data. Many data breaches are inside jobs. Make sure to only allow trusted and necessary employees to access data that could be useful to thieves. A formal data privacy policy could help institute such rules, as well as ensuring paper documents are locked up in a safe place where people can’t easily access them and that unneeded documents are shredded regularly.
3. Use data encryption and strong password protections. Install encryption software on all computers, mobile devices, flash drives and backup tapes, and make sure all devices and key accounts are locked with strong passwords. BusinessBee.com features a list of the best password-management tools for small business.
4. Install antivirus software on all computers—and keep it updated. Many cyber attacks occur via malware downloaded when an employee clicks a link emailed to them. A strong antivirus program will identify and block malicious sites before something compromises the system; PCMag.com has a list of the best antivirus software of 2013.
5. Consider moving data to the cloud. There’s plenty of controversy over whether moving data to the cloud makes it more or less vulnerable to data breaches. (Even one Google exec questions cloud computing.) But for small businesses, having internal servers that store information can pose a big risk—something many business owners don’t want to worry about. On the other hand, cloud providers spend every day worrying about data protection. “Cloud software companies, knowing the implications of a crash on their business’ bottom line, invest significant resources into insuring that such a disaster never occurs,” writes Forbes columnist Eric Savitz. “Cloud computing companies can invest far more resources in data backup and security than your business can.”

Read more about data security.

Photo: Getty Images