5 Reasons Why You Should Care About Data Privacy

“Data Privacy” is a word that gets thrown around a lot, especially in the tech world. Consumers are used to getting the standard “we’ve updated our privacy policy” email from businesses, and while most of us don’t actually read the fine print, that doesn’t mean that data privacy isn’t a concern.

In 2017, a survey conducted by the U.S. Census Bureau found that 75% of surveyed households had significant concerns about their online privacy.

As a small business owner, if you are only doing the bare minimum to protect your business and customers, that can be something that comes back to haunt you. Or worse, damages your business reputation if you don’t take data privacy issues seriously. Here are our top 5 reasons why you need to take data privacy seriously.

1. Your customers trust you

Your customers trust that you know how to keep their personal data secure. Their business relationship with you doesn’t just center on the services or goods you provide, it goes deeper; your customers believe that you are doing your utmost to protect their privacy and ensure the safety of information that they share with you online. They place an enormous amount of trust in your ability to keep their information safe online. Don’t break that trust. 

It can be hard as a small business to afford the kind of data privacy and protection necessary to guarantee that your customers will not suffer a breach in their data at your hands. Calculating the percentage of your expenses that goes to security can be a stressful and mind-boggling exercise. But ask yourself this. What wouldn’t you pay to keep your small business running, growing, and thriving? Your customers are the backbone of your business and you need to treat them (and their data!) with respect.

2. Hackers are already targeting you

We know that hackers target small businesses precisely because they tend to have lower levels of security. Simply put, your small business is low-hanging fruit for a cybercriminal. And if your business contracts with larger retailers or major commerce chains, you are going to be even more attractive because you represent a doorway to an even more lucrative cash cow. The risk here is not just the loss of your own customers, it’s the fact that your small business could become the public scapegoat if you are responsible for a breach that affects a publicly well-known client.

This might sound like an over-dramatization, but it actually happened in 2013 when hackers attacked Target via a third-party vendor. (They attacked by compromising an HVAC contractor, of all things!) 

3. The data you collect can be used against you

Many businesses and vendors collect more data than they actually need. Much of this data is personal information that is used to build the brand and produce stronger marketing for their target audience. This can get you into serious hot water if you suffer a major data breach, because then hackers can access far more information about your small business or your customers than you realize. 

A smart business step is to only collect what you need. You can better manage your liability risk when you know what you are collecting, why you are collecting it, and you regularly assess your data collection policies.

4. One “wall” of security is not enough

We’ve mentioned that security measures can be costly, sometimes even cost-prohibitive when it comes to using the best possible security measures for small businesses. Many small businesses are the target of phishing scams and other forms of cyber crime because they fall back on whatever built-in firewalls exist on their hardware and software. While this is cost effective, it’s also short-sighted.

We’ve used the analogy of the castle wall in a past blog, and while a wall can keep out clumsy intruders, it will not give your castle the same security as multiple walls, a moat, and maybe even some piranhas in the moat for good measure. And that’s how you need to think of your cybersecurity. Your basic out-of-the-box firewall isn’t good enough. Your customers’ data deserves the privacy and protection that is afforded by additional security measures such as multi-factor authentication, advanced malware and spyware systems, and rigorous employee training to ensure that no bad habits slip through the cracks.

5. It’s illegal to not address data privacy as a small business

There are many laws that require you to provide security measures for sensitive or client-related information. Regardless of your industry or the service that your small business provides, there are data privacy laws in place designed to protect the consumer. Don’t assume that being a small business exempts you from making a reasonable effort to protect your customer’s data.

In 2018 the European Union passed the General Data Protection Regulation, which requires every business in the world to comply if they have any EU accounts. That means that if your business happens to contract with any of our neighbors across the pond, and you don’t have appropriate security measures in place, you could be getting your small business in serious hot water with multiple countries in addition to the U.S. 

Again, that’s a bit of an extreme example, but it goes to show how seriously data privacy issues are taken globally. If you want to learn more, specifically about regulations in the U.S., the FTC has a webpage dedicated to educating businesses about why and how to protect your customer data. This is important, as more and more states are beginning to create their own legislation around privacy laws and regulation for data protection.

Data Privacy Next Steps

Ok, so we’ve convinced you that data privacy matters and that good security is worth paying for. But where do you start when it comes to verifying that you have done everything in your power to protect your customer and client data? Here are some things to consider:

• Are all systems protected by strong passwords and multi-factor authentication?
• Are all financial transactions encrypted? Is your email encrypted? Is all endpoint communication secure and encrypted? Basically, have you encrypted everything that can possibly be encrypted?
• Is your data hosted securely? If you outsource hosting, does your company have a good reputation and are they proactive in addressing your data concerns, particularly if your data is being hosted on servers outside of the U.S.? Do you actually know where your data is stored, and what physical security measures are in place to protect those servers?
• Do you have a business continuity plan in place for when data breach does happen? How quickly and easily can you access your most critical data after a breach has occurred? 
• Are you relying on third-party apps for your transactions? Have you properly vetted all third-party vendors that have access to or handle sensitive data? Are they up front with you about their security measures and their own business continuity plan?
• Are your employees trained and regularly updated on evolving security protocols?
• Are you staying up to date on data governance and changes in processes or policies that may directly or indirectly affect your line of work?
• Are you budgeting enough for data security? What needs to change in order for you to allocate an appropriate amount to that line in the budget?
• What levels of security do you require if you have a bring-your-own-device policy or if your team works remotely?
• Do you regularly review your data security and do you do so with an appropriately critical mindset?

And if you really want to go down the rabbit hole of all the ways you might be inadvertently inviting a data breach, check out this article from Digital Guardian that hosts a panel of experts and their takes on the biggest mistakes companies make with regard to data privacy and security.

If that list of questions feels overwhelming (even without going down the linked rabbit hole!) then we recommend scheduling a free IT assessment. Our experts can provide you with next steps to address all your data privacy and security needs.