Data Security for Small Businesses in 2021 – Protect Your Customers’ Data



There’s no denying that 2020 was the most memorable (but also hopefully forgetful) year in more than a century. Among the chaos of setting up a home office and more work being done remotely, COVID-19 has given rise to an aggressive landscape of cybercrimes.

When trying to keep your business afloat during a pandemic, customer data safety may be the last thing on your mind. But it certainly shouldn’t be. And it’s far from the last thing on your shoppers’ minds – 79% of customers worry about their data security and privacy issues.

Data security for small businesses strongly affects the trust that customers have in your business. And negative incidents or anecdotes can be massively detrimental to any business’s success. It impacts your business operations, brand value, and investor appeal. Plus, it’s usually pretty costly. Even small data breaches can come with millions of dollars in penalties and lawsuits. With laws like Europe’s General Data Protection Regulation (GDPR) and the California Customer Protection Act (CCPA), you’re left with other no choice than ensuring compliance and taking customer data privacy seriously.

According to research, the average compromise of customer data results in some serious fallout:

  • 5% drop in stock price on the day you declare the data breach
  •  7% loss of customers
  •  65% loss in trust
  •  27% discontinued the relationship with the business

This is just the tip of the iceberg. Not protecting your customer’s data can have far-reaching consequences. From affecting day-to-day business operations to a dramatic loss of revenue, data breaches can forever alter the course of a business.

With cybercriminals continuously getting smarter and finding new ways to hack your customers’ data, relying on antiquated methods to protect your customers’ data is simply not enough. In order to build the right foundation to secure your customers’ information, you need to understand, adapt, and implement data privacy and ensure compliance

an infographic on data security for SMBs

1. Sign The Employee Non-Disclosure Agreement

What happens when your most trusted employee reveals a customer’s personal details to a friend over a beer?

This could include their password, SSN, email address, or their telephone number. Though the act may not be intentional, it puts customer data at risk. That’s where you need a non-disclosure or NDA. This may seem far-fetched, but it happens all the time. Businesses need to protect themselves against even seemingly unlikely data breaches.

A confidentiality agreement or NDA is a legal document that keeps the lid on sensitive information surrounding your business. With cyber crimes likely to cost $6 trillion by 2021, it makes sense to get an employee NDA signed by every employee. By using the right employee NDA template, you can specify exactly which pieces of information must be secured.

An NDA creates a psychological impact on employees, too. They now know they’re legally bound and can face lawsuits if they share any sensitive information with an unauthorized person(s).

In one prominent example, a former employee of the Oprah Winfrey series was stopped by a court from writing a book about her experience working with the series and the clients that visited the show. She was tied by the NDA agreement she signed before joining the production house. Using the NDA agreement, Oprah successfully saved her and her client’s personal information from getting shared with the world.

2. Use Customer Database Software

With cybercrimes showing no sign of slowing down (quite the opposite, in fact) and customers taking extra precautions to safeguard their data, saving customers’ data in a spreadsheet no longer works. Customer database software, like a CRM, helps store critical and personal information in a secure database. A cloud-based CRM such as Converge Hub provides an unparalleled level of security.

Your customer data is safe no matter where you’re hosting the CRM. You can set up login procedures, physical access to servers, and password resets. Apart from keeping the data secure, a CRM comes in handy in numerous other ways – businesses are able to store all data in one place, gain useful customer insight to identify new opportunities, improve customer retention, enhance customer satisfaction, and much more.

But a CRM helps businesses follow new laws and standards in other ways, too. For instance, Articles 15, 16, and 17 of GDPR give a customer the full rights to edit, modify, rectify, and delete any information they’ve previously shared with the business. The law gives businesses just 30 days to respond and take action once a customer exercises his/her rights to opt for data sharing. Without a CRM tool, finding relevant customer information is a headache. In many cases, you’ll easily miss the 30-day deadline resulting in hefty penalties.

3. Use a Virtual Credit Card Terminal

Whether you offer services or run a retail store, investing in a virtual terminal is a savvy choice. Apart from ensuring data compliance, it gives your customers more ways to pay their total.

This web-based application allows customers to manually enter their card details online and submit the transaction for processing. Without a card-reader or a POS, customers can make payments securely. These virtual terminals use encryption and tokenization techniques to safeguard the customer’s data from hackers during the transaction approval phase.

Interestingly, it uses the Address Verification System (AVS) technique to verify the ownership and identity of the shopper using the credit/debit card. Most software solutions are PCI DSS security compliant, which ensures secure payments.

In one 2014 instance, the credit cards of 56 million Home Depot customers were compromised in one of the most significant cyber-attacks targeting payment terminals. The malware used for the attack could quickly funnel the card’s information away from the store’s database upon swiping.

4. Focus On Data Minimization

For example, if you only the email address of the customers, don’t ask for their telephone numbers. When you focus on collecting vital data, you check the following boxes:

  • You decrease the amount of data. The less data you have, the less you have to protect.
  • Thereby, you increase customer confidence.

Hackers hate stealing low-value data. Simply getting a few thousand email addresses is likely not worth the time and risk associated with the theft. But if you collect their phone number, SSN card, household income, location, etc., you make the data a whole lot more valuable. Apart from attracting hackers, asking for too much personal information makes the customer suspicious. Often this leads to frustration and reduced faith in your brand.

To evaluate whether you’re collecting only vital information, audit everything you collect from your customers. It helps in ensuring compliance with the latest privacy laws. For example, if you sell an educational course, there’s no point in collecting the SSN or household income. Asking for their email address and phone number should suffice.

With the average data breach involving 25,000 records and the cost per breach of approximately $240, minimizing the amount that you’re at risk of losing is absolutely critical. The smaller amount of data that you collect, the lower the potential severity of a data breach becomes.

5. Train Employees

Customer data security is far too critical to remain in the purview of a few employees. Once you have a solid security program in place, make data compliance everyone’s business.

Often the weakest link between customer data and hackers is the small business employee who unintentionally passes off critical information.

From the CEO to an intern, everyone should understand and adhere to compliance policies.

Train your employees using a best practices manual that entails securing data at every entry and exit point.

  • Set minimum security protocols
  • Avoid the collection of data silos
  • Share tips on password management
  • Provide knowledge on the consequences of sharing information with unauthorized personals
  • Tell them ways to keep their system secure and free from potential vulnerabilities.
  • Keep all training organized with a project documentation tool.

Explain this information and teach staff ways to protect customer data. Be organized and consistent with all training regimens.

Conclusion on 2021 Data Security for Businesses

There will always be people targeting your customer’s data. And there are various types of attacks, including brute force, credential stuffing, phishing, and malware. While you cannot change their intention, you can keep customer data safe by ensuring data compliance at every level of the organization.

Leave no stone unturned in creating a strong cyber-security profile. When you keep customer data safe, customers will put faith in your brand and share their personal information without hesitating.

From employee NDA to data minimization, every data protection method will add an extra layer of security and safeguard your data.

Take the first right step in 2021 by protecting every piece of customer information. It may well be the difference between your business’s doors being opened or closed.

For more advice on how KORONA POS can help you keep a secure payment system and CRM, click below. We’ll walk you through the ins and outs of protecting your business from data breaches and fraud.


About the Author

Photo of author

Michael Chalberg

Michael has long focused his writing on the world of retail and small businesses. He''s been a part of the KORONA POS team since 2018 and loves helping entrepreneurs find ways to adapt and succeed. In his spare time, you'll likely find him hiking somewhere in the Southwest.

Leave a Comment