More and more people are shopping online and handling many aspects of their business online. That makes for a lot of customer data floating around out there in cyberspace. It also causes a lot of bad actors to use phishing scams and other devious tricks to breach the systems and steal the data for nefarious purposes.
Many major corporations have had to manage massive customer data breaches in recent years. Reputable brands like Marriott and Macy's have all had to scramble to try to mitigate the damage wrought by these hackers selling customers' information on the dark web.
Could your business fall prey to such an attack?
The takeaway from these breaches to major corporations is that all business owners should review the protections and firewalls that they have in place to safeguard employees' and clients' personal and financial information.
You want to make sure that you have done all that is possible to prevent an unauthorized release of the data. Otherwise, you could leave yourself open to some serious liability for allowing this information to be accessed without permission.
Do you need all the data you keep?
Maybe not. According to the Federal Trade Commission (FTC) companies shed some of the liability for safeguarding private data by only retaining the bare minimum of customer or employee data.
While you need certain information from your customer at the point of sale, there is no need to keep that data on your computer or server. Auto-delete is no longer necessary.
Is your data secure?
A determined hacker can breach even sophisticated systems, but it can take them a long time and require multiple attempts. But don't be low-hanging fruit for the hackers. Make your data protection security systems as impenetrable as possible and limit the employees who have access to this data.
In the event of a breach
Sometimes it happens to companies and brands even though due diligence was done by those in charge. If you are facing a data breach, the steps you take immediately after learning of the event can dictate the trajectory of the recovery you will make.
It's important to be as transparent as possible about the nature of the breach and whose data was exposed. Your business law attorney can draft a formal statement that explains the problem and what you are doing to fix it without making it sound as if your company was remiss in its duty to protect this vulnerable information.