Whatever your company’s main focus, security for both yourself and your customers is of paramount importance. In a world where so much business is now conducted online – including transactions, the exchange and storage of personal information, and even the drawing up of deals and contracts – robust measures must be put in place to prevent theft, fraud and other threats from reaching your enterprise.
However, an equally important aspect is letting customers, both prospective and existing, know about the measures that you are taking to ensure good security within your business. After all, someone is far more likely to take their custom to a company with up-to-date, verifiable protections than to one that keeps all its hard work around safety firmly under its hat.
So, where should you concentrate your security-conscious efforts? And how should you let your intended audience know about them?
Passwords and 2FA
One of the most obvious online safety concerns is still usually the weakest link in a business’s security policy, and that’s passwords. Because all employees – even if there are just two or three of you – need their own personal passwords that they share with nobody else, this can be a chink in your armour. The exposure becomes even wider if your business requires each customer to have their own password too. You cannot dictate what those passwords are – that would defeat the point! – but you can encourage colleagues and customers to use best practice when creating new passwords: for example, never writing passwords down, avoiding obvious personal info that could be guessed, and not reusing passwords across multiple accounts.
You could also follow the lead of successful businesses like Pokerstarscasino and Soundtrap by implementing 2FA (two-factor authentication) for logins to all company-associated accounts. These big names are responsible for protecting both people’s bankrolls and personal details, so it’s important that their sites have a high level of security built in. 2FA involves presenting a second piece of evidence in order to log in to an account, such as a randomised code texted to the user’s mobile phone or the password generated by an RSA Security Token. Customers will see that this security-conscious feature is in use when they sign up for an account with your business.
Another vulnerability that is often overlooked is software. There is a good reason why apps on your smartphone update so regularly: the developers are patching gaps in the software’s security which could be exploited by nefarious parties. The same applies to software of all types, on PCs, tablets, smartphones and even the seemingly unbreachable MacBook. This means that it is of the utmost importance that, as a business, you are using up-to-date software that is fit for purpose and still regularly updated by its developers. This applies to the nuts and bolts underlying your website, your social media platforms, any cloud storage you use and your security software itself. A short note on your website explaining to customers that you use state-of-the-art software that is regularly updated can work wonders in putting their minds at rest. They will also be able to see that your customer-facing online presence looks fresh, contemporary and up-to-date. Whilst on the subject, it is also a good idea to keep any hardware updated and serviced too. This doesn’t have to involve shelling out for a brand new set of company PCs every couple of years, but it should mean that you’re not still using a 20-year-old laptop to store all of your sensitive data.
Employee Training and Knowledge
Whether your business employs one person or one thousand, it’s vital that everybody working there knows the company security policy and abides by it. This means that everyone should attend mandatory security training; this can be delivered in person, via employee-directed online training courses or through the distribution of written and audio-visual materials. There is no point having a company director who is well informed on all the latest safety measures if an employee working with customer information daily has no idea what’s going on. The policy must penetrate all levels of the business equally, and everyone must be given an equal chance to learn about it. Seemingly basic facts about spam and phishing emails may not be common knowledge to everyone, so it is always a good idea to go back to basics and make sure that everybody is on the same page. Again, this can be included in a statement on your website to reassure customers that, behind the scenes, everything is being taken care of in a well-informed, secure and orderly manner. You can also add signatures to the bottom of email correspondence, display security training accreditation publicly and be honest and open about your training procedure for staff.