Earlier this week we provided safety steps booksellers should take to keep customer data safe. Today we’re discussing how to react if your retail system is hacked.
The most damage done in a data breach is due to lack of a response plan. Those 60 percent of small businesses that were hacked never recover, largely because they didn’t have an “after the data breach” plan.
“It’s like putting a guard at the front door to ward off bank robbers without training him how to handle an actual robbery,” said one consultant.
What to include in a data breach plan
- Perform a security audit. What data needs extra protection, such as customers’ personal information, your bookstore’s financial records and your employee records? Where is this information is collected, housed and transported? How can you detect a breach?
- Add cyber protection for your data and files. Your anti-virus software, intrusion detection and firewalls should not only limit hacking, but also alert you when they’ve been penetrated.
- Encryption software, readily available and inexpensive, is effective when data is in transit, such as on a laptop or thumb drive. If stolen, thieves won’t be able to use the data.
- Train your staff. Usually, human error causes a data breach, through lost equipment, an unsecured WiFi or unknowingly downloading malware. Train staff recognize a phishing email and use secure passwords. Training also alerts them that you’re watching their activity.
- Control vendor access. Carefully choose vendors who store your data on the cloud, ensuring they have the right protections and security measures.
- When a breach occurs, alert your insurance company and your IT consultant, who can gauge the severity of the breach and which customers’ data was stolen. Work with both to alert your customers.
The security landscape is constantly changing: You may be secure today, but not next month, so be constantly on guard, adding software updates, changing passwords, training employees and planning for a data breach that you hope never happens.