Better Business: Here's how to protect yourself from data breaches

2014-05-01T00:00:00Z 2014-05-01T09:31:20Z Better Business: Here's how to protect yourself from data breachesBy ERIN T. DODGE The Billings Gazette
May 01, 2014 12:00 am  • 

The data breach at Target made big headlines during the holiday shopping season last year. We know now that Neiman Marcus and three other retailers were also breached in the same way. Also, from September to November last year, a credit card security breach occurred at grocery stores in our own backyard. Stores in Montana, Idaho, Washington and Oregon that were serviced by URM card processing were hacked. Consumers reported a rash of fraudulent debit and credit card charges to their banks, credit unions and credit card companies, exposing the breach.

In light of these breaches, it is no wonder that consumers are worried about protecting their personal and financial information. They may also be wondering why companies aren’t doing more to protect them.

Montana State has a data breach notification law that applies to all businesses that collect or store personal information, such as date of birth, social security number, driver’s license or state identification number, financial information and account passwords.

Every business collecting information about its customers should ask the following question on a regular basis: How secure is the information we collect?

Even if your company has strong security measures in place, the Better Business Bureau recommends regular review. The hackers never stop looking for holes to exploit. And businesses need to make data security a priority to help prevent these attacks. When reviewing the effectiveness of your security, consider the following:

n Use data encryption for onsite and remote employees.

n Don’t collect data you don’t need to conduct business.

n Evaluate insider threats. Threats from employees or contractors could be intentional or result from human error. Train employees in security principles and require that strong passwords are used. Have exit plans in place that protect sensitive data when an employee leaves your employment.

n Create a contingency plan should a breach occur (more on this later).

n Consider purchasing insurance coverage for data breaches.

n Regularly backup your data. If you use an external storage service, thoroughly review the security of their services.

n Keep your security plan private. Only those who need to administer your company’s cyber security measures should know about it.

Whether feeling overwhelmed or confident in your security measures, consider using freely available tools, such as the BBB’s data security guide at www.bbb.org/data-security and FTC’s Small Business Cyber Planner found at www.fcc.gov/cyberplanner.

Still unsure of how to proceed? Consider hiring a third-party breach and data security expert for an objective evaluation of your risk of being hacked.

Taking steps to keep data secure is the best business practice. But if you are caught unaware and a data breach occurs, the BBB offers the following advice:

n Respond quickly.

n Notify your local police, the Montana Department of Justice (doj.mt.gov) and the FBI (www.fbi.gov) of the breach.

n Notify your payment processing company of the breach.

n Consider notifying the three national consumer reporting agencies: Equifax (www.equifax.com), TransUnion (www.transunion.com) and Experian (www.experian.com).

n Notify your customers. Your notification to affected customers should include details of the nature of the breach, how your company has resolved or is resolving the problem, and what will be done to prevent further breaches. Also, consider advising anyone experiencing or suspecting identity theft or fraud to alert your business, file a police report, and notify the three national consumer reporting agencies.

If you are uncertain of how and when you should send notification, seek legal counsel.

If your situation does not require you to pay for credit monitoring for affected customers, consider paying anyway. This could create goodwill and help repair the affects of the breach felt by your customers.

Even after you’ve taken every step to respond and notify the affected customers, you’ll need to watch out for scammers and further protect your company’s reputation.

Often after a data breach, scammers will pretend to be the breached company. They will send out emails, text messages and phone calls, claiming to offer refunds or gift cards as an apology for the breach. Instead, the scammers will attempt to get the personal and financial information of the very people affected by the breach.

By being proactive and prepared, you can protect your business and customers from cyber-threats.

Copyright 2014 The Billings Gazette. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.

Monthly Features

Ready, set, shop

Ready, set, shop

The stakes are big next month for owner Kris Carpenter of Joy of Living on the Billings West End, where the holiday rush typically comprises 40 percent of her sales for the year.

1 hour ago Photos

Photos

Loading…

Discount retailer Alco shuttering two Eastern Montana stores

Discount retailer Alco shuttering two Eastern Montana stores

Discount retailer Alco Stores announced Friday it is closing 200 stores nationwide and liquidating merchandise, including stores in two Eastern Montana towns.

November 21, 2014 5:15 pmLoading…

Boat dealer moves into former Scheels space at Rimrock Mall

Boat dealer moves into former Scheels space at Rimrock Mall

A Wyoming boat dealer has temporarily set up a showroom at the Rimrock Mall in the former Scheels Sporting Goods space, and mall officials say they’re still seeking a permanent tenant.

November 21, 2014 4:40 pm Related Loading…
Get weekly ads via e-mail

Deals & Offers

Featured Businesses