Critical Tips for Safeguarding Confidential Customer Data

Statistics regarding cyberattacks on customer data should be alarming to every small-business owner. According to figures cited by the World Economic Forum, more than 50% of cybercrimes are aimed at small businesses, resulting in a worldwide cost of $600 billion in 2018.

And in 2017, more than 65% of small businesses reported that they’ve experienced at least one cyber incident in the two years before.

The threat of a damaging cyberattack on a small business such as yours remains high — so all the more reason to institute safeguards ASAP and take every possible step to protect confidential information provided by your loyal customers.

Here are the key steps you should take to achieve this crucial objective.

Implement Basic Data Protection Measures

Kiersten Todt, managing director of the nonprofit Cyber Readiness Institute, urges small businesses to address the “core four” issues of cybersecurity:

  • Employ strong, secure passwords.
  • Automate up-to-date security patches.
  • Prevent malicious phishing attacks.
  • Eliminate the use of USB drives.

Taking these measures will help small and medium-sized businesses feel more secure, knowing they are “protected from the most likely causes of breaches and related attacks.”

Take It Further With Additional Preventive Steps

Another important action is regularly upgrading your security software. Because cybercrime tactics keep changing, it’s imperative that your safeguards are consistently kept up to date, as well. Software updates are typically free for legal owners, but no matter what, make sure your IT person or team stays current with the latest software security developments.

Who has access to your confidential customer data? If anyone in your workplace can easily access this information, you have a genuine data security risk on your hands (not because employees are necessarily malicious, but because simple errors or lack of knowledge can leave your business open to cyberattacks). Customer data access should be strictly on a need-to-know basis. Assign different levels of privileges to those individuals who must access this data in order to properly do their jobs.

Let Customers Know About Your Commitment to Data Security

These days, consumers have set a pretty high bar when it comes to data security; they expect that the companies they do business with are aware of the risks and prepared with strict data security measures. Your reputation is on the line, so be sure to inform customers about the safeguards in place to protect their sensitive information. Let them know — on your website and social media, as well as in your marketing materials — the kind of data you need to provide outstanding service and describe the systems in place that keep information safe from potentially crippling data breaches.

Only Compile Information That’s Essential for Business

Sometimes, businesses attempt to collect too much information from their customers. Doing so “provides a large cache for cyberhackers to target,” advises Huff Post, adding that you can also “offer customers the option of whether they wish to share personal information with you or not.”

As a further measure of protection, employ the latest encryption technology whenever customer data is involved. Schedule ongoing encryption technology upgrades, so that your system remains secure against ever-more sophisticated criminal tactics. Never hold onto a legacy encryption system installed years ago.

Backup Customer Information to Guard Against Ransomware

Ransomware is among the most pernicious threats businesses face in the realm of cybercrime. This refers to the tactic of infecting your computer with malware that locks data beyond your reach, accompanied by demands that you pay large sums of money to retrieve this information.

As Michael Lashlee, senior vice president and deputy chief security officer for Mastercard, advises, “Up-to-date backups are critical for recovery from these attacks,” adding that these backups should not be connected to your computers to further enhance the security of your data.

Get Employees Fully on Board With Cybersecurity

All of the above-listed measures will significantly enhance your efforts to guard data entrusted to you by your customers. But never forget, as security experts constantly remind us, that your employees represent the weakest link in the data protection process.

Communicate to your team that cybersecurity is among your highest business priorities. Implement ongoing data security seminars and workshops (and make them mandatory!) while also emphasizing the important role employees themselves play in protecting the business against cybercrime.

Identify training methods that actively engage employees, rather than just dumping a lot of information on them. Steadily build a culture of cybersecurity that incorporates rewards for training and compliance with security measures. Celebrate individuals or project teams for their adherence to your security measures, which should encourage them to buy in even more.

Cyber Readiness Program

Mastercard has established the Cyber Readiness Institute, a collective of business leaders committed to helping small and medium-sized businesses around the world. You can access the full Cyber Readiness Program by signing up today.

Lee Polevoi
Lee Polevoi
Lee Polevoi is a veteran freelance business writer specializing in exploring the opportunities and challenges facing small businesses in the U.S. today. A former senior writer for Vistage International (a global membership organization of CEOs), Lee regularly produces articles, white papers, blog posts and more for the diverse small business audience.

See all posts by Lee Polevoi
  • All views expressed on the published articles at are those of each of the authors, and do not in any way represent the opinions of Mastercard International Incorporated or any of its affiliates (“Mastercard”). Mastercard is not responsible of the information contained in these articles.