Expert IDs mistakes SMBs make about privacy

Data privacy is top of mind for most businesses these days, but some common misconceptions about just what data privacy is - and isn't - may be leaving small businesses open to problems. We asked an expert to explain.

Kristina: What are the most common misconceptions about data privacy?

Francis Dinha, CEO & Co-Founden, OpenVPN: The most common misconceptions around data privacy are users feeling as if they have nothing to hide, so data privacy does not apply to them, and that they don't care if companies use their data. These are two misconceptions that need to be gone away with, and it starts with a shift in consumer mindset. Consumers need to be aware and take notice of when they're accessing public cloud services without protection, especially when accessing bank information or supplying your credit card to an online merchant. When you're using an unprotected connection, your data is in transit when accessing any web service and might be compromised by cybercriminals.

Kristina: What are some common mistakes small businesses are making that leave data vulnerable?

Francis: There are three key mistakes that small businesses are making that leaves their data vulnerable:
• Most small businesses don't hire the proper IT resources to protect their data and network
• Most small businesses rely too much on public cloud services instead of keeping their data on a private cloud or private network
• Most small businesses don't use VPN to provide remote and secure access to their data

Kristina: What steps can brands take now to improve the security of their customers' data?

Francis: Brands need to be aware that the cost of losing customer data is huge. IBM claims the average monetary loss due to a security breach is 4 million--up 30% over recent years. Yet, these losses go much deeper than monetary, there is loss of credibility in the market and with your customers which can be a substantial hit to the future success of any entity that relies of public trust to grow their business. That said I would recommend a few things that companies should be doing starting with their own internal processes. Make sure your data encryption methods and programs are up to date and data protection and retention policies are current, if you don't have policies in place, get them. Limit employee access to personal customer data and records on a need to know basis only, unless there is a nexus between accessing this data and their job requirements, don't allow it. Have strong privacy policies in place and make sure these are relayed clearly to customers and to your employees.




Tweet