Home Office Data Security: Protect Customer Info – And Your Small Business

Jeff Zbar

Working from home offers freedom and flexibility, but it also opens the door to data breaches that can jeopardize your client relationships—and your bottom line. Identity Theft 911 CEO Matthew Cullina discusses how to enjoy the benefits of home-based work while protecting data integrity and safety.

Whether telecommuting for your corporate job, selling homemade crafts online, or practicing law from a spare room, you are responsible for protecting the personal information — such as names, addresses, birthdates, and Social Security and credit card numbers — of anyone you do business with.

No matter how small your operation, or even if you only occasionally work from home, your clients trust you to protect this data—and legislation in 46 states requires that you do so.

A data breach can happen when we lose a laptop with credit card numbers, unknowingly download a virus, or even leave open a file drawer containing paper records.

How should a business owner respond?

Businesses must notify clients whose information is compromised; a breach can seriously undermine their trust in your company. In addition to lost business, notification alone can cut deeply into your earnings: One small company with three employees recently spent $25,000 sending data-breach-notification letters to customers.

What steps should you take?

First, wall off your personal and professional lives. If possible, keep two computers, and don’t use your work computer for personal email, online shopping, social networking, or other activities that invite hackers in. Let your spouse and children know that your business materials—both digital and physical—are off-limits. Make sure they understand what’s at stake and how easy it is to accidentally reveal sensitive information.
Next, take a hard look at the data you keep, and safely purge everything you don’t need (cross-shred paper documents; use a wiping utility to permanently erase hard drives). Take what’s left and lock it up: Paper files can’t be password-protected, so they’re particularly vulnerable—keep them, as well as external hard drives and computers, in locked cabinets or rooms. Also…

- Keep computers, smart phones, and other technology secure and up-to-date.

- Use “strong” passwords with numbers, symbols, and characters; firewalls; and antivirus, anti-malware and anti-spyware programs.

- Encrypt files and emails using inexpensive software or the basic encryption built into most applications.

- Use the latest operating system and download recent security patches.

- Avoid wireless networking — it’s convenient but inherently insecure; if you must use it, skip the coffee shop network and use a mobile broadband plan with a trusted provider.

If you telecommute, work closely with your company’s IT and security departments to ensure your home office meets their standards for protecting offsite company data. Follow those protocols to the letter.

If you process credit card transactions, choose a payment application that’s fully compliant with current regulations and has good customer ratings. If you use a vendor for payments, do your due diligence; carefully read their conditions and privacy terms, and thoroughly research their reputation and any recent breaches.

It’s impossible to totally protect against a data breach, but you can be prepared. Learn which state laws apply to your business (these may be in states in which your customers live, not just where you work). Ask your insurance carrier about cyber-liability and data-breach coverage. Educate your employees and anyone who has access to your workspace and materials—including family members—about your responsibility. Know your company’s data breach plan, or have your own in place, and let your customers know what it is—your proactive approach is a great marketing tool.

Always remember: If the information you store is compromised, do what you’ve said you’ll do. Moving swiftly and confidently will restore your clients’ faith and protect your livelihood.

Matthew Cullina is chief executive officer at Identity Theft 911, a Scottsdale, Arizona-based provider of identity theft and data breach management, resolution and education.

Jeff Zbar, The Chief Home Officer
Copyright 2010, author retains ownership. All Rights Reserved

Print page