As we head into an era of inter-connectivity and IoT products, our personal (and business) data is everywhere, for better or for worse. And while we’ve all heard of famous security breaches that caused millions in losses, such as the Equifax breach in 2017, many founders still think it won’t happen to them. As a result, founders often overlook simple measures that would increase their data security, and they leave themselves at risk of a security breach.
A security breach can leave a company with lost clients, high legal fees, and many other consequences. Here are four tips to prevent your client and customer information from being breached by an unauthorized entity.
1. Confirm the transfer of sensitive information by phone.
- If a client is requesting sensitive information that is not routinely transferred via email, call your client for a verbal confirmation. In the case of sensitive information such as Social Security numbers or bank information, you can never be too careful. It only takes a few moments, and your clients will appreciate your caution.
2. Use strong passwords.
- Avoid passwords that are easy to guess, include personal information, or are related to your business name. Make sure you don’t use the same password for multiple accounts. Make passwords stronger by using special characters (!@#$%) or numbers (123) or, even better, a combination of the two.
- Pro tip: Change your passwords every three months for added security.
3. Only give access to employees as needed.
- Sometimes it’s easier to give your employees access to your whole file system so they are guaranteed access to the documents they need. While this is easier in the short term, it means that potentially sensitive data is accessible to users who don’t need it! It may be a small pain to give access as needed, but it is an easy way to ensure that your client information is safe and sound. Remember to restrict access again once your employee no longer needs it!
4. Train your employees on how to identify potential security risks.
- One of the most common ways data is breached is through phishing scam emails. Training your employees on how to spot a phishing email could save both you and your clients a huge headache down the road. Ensure that the email address on a suspicious email exactly matches your records, as many phishing scams will make minute changes to the email address to trick you. Don’t click on attachments if you are at all suspicious. Cross-check the email signature to ensure that it is identical to the one on an email you know is legitimate. When it comes to catching a phishing scam, always be vigilant and always exercise attention to detail!
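The address check from tip 4, as an added example that is not part of the original article: a short Python script that compares a sender's actual address with the addresses you have on record and flags near-misses. The contact list, the sample headers, and the two-character threshold are constructed assumptions.

```python
# Added example: compare a sender's real address with the addresses on record.
from email.utils import parseaddr

# Constructed sample data: addresses you already trust (assumption, not from the article).
KNOWN_CONTACTS = {"jane.doe@example-client.com", "billing@example-vendor.com"}

def edit_distance(a, b):
    """Levenshtein distance: single-character inserts, deletes and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_sender(from_header, known=KNOWN_CONTACTS, max_distance=2):
    """Classify a From header as 'match', 'lookalike' or 'unknown'.

    Returns (verdict, closest_known_address_or_None). The display name is
    ignored because the sender can set it to anything.
    """
    address = parseaddr(from_header)[1].strip().lower()
    if address in known:
        return ("match", address)
    closest = min(known, key=lambda k: edit_distance(address, k), default=None)
    if closest is not None and edit_distance(address, closest) <= max_distance:
        return ("lookalike", closest)  # nearly, but not exactly, a known contact
    return ("unknown", None)

if __name__ == "__main__":
    # Constructed From headers for demonstration.
    samples = [
        "Jane Doe <jane.doe@example-client.com>",   # exact match
        "Jane Doe <jane.doe@examp1e-client.com>",   # letter l swapped for digit 1
        "Jane Doe <jane.doe@example-cilent.com>",   # two letters transposed
        "Jane Doe <jane.doe@\u0435xample-client.com>",  # Cyrillic letter in place of e
        "Newsletter <news@unrelated.example.org>",  # not close to any contact
    ]
    for header in samples:
        print(check_sender(header), "<-", header)
```

A "lookalike" verdict is the case to confirm by phone, as in tip 1, before replying or opening anything.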
District Advisory provides timely, consistent, and accurate outsourced accounting and advisory services to small and medium-sized businesses in the DC metro area. Utilizing technology to its fullest extent, our processes and team provide the financial information you expect from your accountant and the insight and value you expect from your CFO. District Advisory is a division of CST Group, a full-service CPA and business advisory firm. Contact us today to learn more about our services!