It’s time to take your data security seriously. And if you think you’re already taking it seriously, it’s time to take it to the next level. There is no such thing as a business whose data is too secure.

I see it all the time working in tech. It’s the “it won’t happen to me” mentality. Data breaches could cost you your business. Maybe it’s because we operate in a smaller market here on the Suncoast and we think we’re hidden. Maybe it’s because you’re not processing multimillion-dollar transactions on a daily basis and you don’t think anyone would target you.

But the fact is, every business—from the barbershop on Main Street to the manufacturing companies along U.S. 301 to the national and international businesses that call our area home—is at risk.

The bottom line is this: If you store customer information, that data can be breached. And when it happens to Florida businesses, it’s not an easy process to manage. Florida business owners have a responsibility to notify all affected parties within 30 days, notify the Florida attorney general and send along a plan to rectify the breach and provide credit monitoring services, and file a police report.
Here are five steps to help keep your customer data secure:

1. Stop assuming it can’t happen to you. While larger companies make the news when a data breach occurs, small businesses are targets because their security controls are often weaker. In short, you’re easier to hack than Target, Home Depot and Sony, three companies whose stock prices suffered in recent years due to data breaches. The fact is, 90 percent of data breaches affect small businesses, according to a recent Trustwave study. The average cost of a data breach for a small business is $36,000, according to a First Data study. And unless you have data breach insurance, that money is coming out of your pocket.

2. It’s a myth to think that the cloud is not secure. Think about it this way: Public cloud providers like Amazon, Microsoft, Google and IBM (my employer), depend on keeping customer data secure as their lifeblood. Without the assurance that every customer’s data is safe, no one would spend a dime on their services. These providers employ a team of security specialists at every data center whose primary function is to keep a step ahead of hackers who wish to do your company harm. Cloud providers have the motivation and the resources that many small to mid-size businesses do not to employ ongoing best practices and ensure data safety. 

3. Data security is an organization-wide effort. For many organizations, a comprehensive data security plan requires an internal culture shift. It’s every employee’s responsibility to protect the company’s data. And while some employees may not like the added steps it may take to keep their data secure, it will always be easier than a deposition in a class-action lawsuit.

4. Improve your passwords. This is something you can do tomorrow in your organization. It costs nothing to send an email reminding your employees that “password” is not a good option for your password. Ask everyone to take the time to review their passwords and change any that might be lacking in sophistication. Secure passwords have a mix of uppercase letters, numbers and special characters.

5. Invest in proper security controls at every vulnerable point. It can be daunting to figure out where to start when it comes to establishing a cyber security approach. It should be even more worrisome, however, if you’re doing nothing or next to nothing. That’s simply not an option with the number of threats that exists today. If you’re looking for a good starting point, check out the Federal Communication Commission’s (FCC) Small Biz Cyber Planner.