Articles

Small Business Development Center at USF Offers Cybersecurity Tips for Small Businesses

By Pat Gordon

Pat Gordon

TAMPA (April 24, 2017) -- As if you don't have enough to think about while running your own business – ever increasing competition for customers and employees, managing bills and cash flow, learning the ins and outs of social media marketing and which human resource laws apply to you – along comes cybersecurity and data breaches.

According to Small Business Trends, 43 percent of cyberattacks take aim at small businesses. More alarmingly, 60 percent of small businesses go out of business six months after a cyberattack. Being concerned about the security of your customer data is an ever-increasing issue in 2017.

Like a lot of business owners, you might think (hope) that it probably won't happen to you.  After all, you have a small business, a small database of customers and maybe you don't even collect credit-card information – just names and addresses and a little history of purchases.

Identity theft can be accomplished simply with a person's name and email address. Once a hacker reaches a friendly customer service representative at almost any place the individual might shop (think Amazon, Wal-Mart, Target), they can simply change the mailing address on the account and the misery begins.

Why would someone want to go after your customers' information?  Why not go after the big guys?  This is why: Large businesses have legal departments and data security personnel who are well aware of the dangers of security breaches. They have been putting protections in place since the early 1980s when modern day hackers were just getting started.

Unfortunately, most small business owners don't take the time to put protections in place before an incident occurs and they don't realize what they need to do when their customer information is stolen.  And don't forget how much information you collected on your employees when you hired them – you are responsible for protecting their information also.

Here's a sampling of some of the laws and regulations in place that may impact you:

For small businesses that don't have the luxury of an in-house legal department, one of the most critical things for a business owner/manager to do is to create a company policy that protects the customers' information:

Step 1 – Think about how the data can be better protected.

Step 2 – Decide what information to keep, how long to keep it and how to protect it.

Step 3 – Lock up computers, change passwords often, lock file cabinets and offices.

Step 4 – Put Steps 2 and 3 in writing and add them to the policies and procedures manual.

Step 5 – Ask about data breach insurance.

Pat Gordon is a Florida SBDC at University of South Florida business consultant, based at the CareerSource Suncoast Center in Venice.