Securing Company Data

Best practices to help business clients protect their data

By Dale Dabbs

Customers expect to feel protected by their banks, not only in terms of the safety of their investments, but when it comes to the security of the information they share. With the growing number of recent corporate data breaches (i.e., Twitter, LinkedIn, Evernote, the North Carolina state government, Lucile Packard Children’s Hospital at Stanford), this is a valid expectation.

When a business data system is breached, damages can amount up to $194 per customer record stolen, according to the Ponemon Institute. Additionally, organizations are at risk of business identity theft since perpetrators can also change filings with the state, send false payroll checks and alter IRS records.

Collaborating with data security service companies such as EZShield Inc. in Palo Alto, Calif., can enable community banks to help their small-business clients accomplish key prevention measures that protect their most sensitive corporate information.

Those best practices generally include taking four broad steps:

– Assessment—Review current security practices and potential gaps for weaknesses. Common areas of vulnerability include firewall adequacy, anti-virus and anti-malware protection, and warning systems to indicate threats of attacks.

– Privacy and security plans—Establish or review existing plans to ensure that businesses address data backup, recovery and due-diligence practices. Most importantly, businesses need systems to identify the location of their customers’ confidential information—such as databases, contact lists, financial records—and focus on protecting these key areas.

– Employee training—Teach employees about how to execute the security plans, and incorporate continuing education to keep employees up to speed on latest security practices. Education, as always, is critical for success.

– Compliance—Ensure that operating practices are aligned with current regulations. Businesses, regardless of their size, need to comply with current government mandates.

When it comes to responding to a data breach, every small business needs a plan in place to minimize financial and reputational damage and harm to customers. Critical data protection activities that community banks can help their clients establish include:

– Breach incident planning that helps businesses design breach process flows, develop forensics checklists, assign internal breach incident team roles and draft external notification guides.

– Access to post-incident support that gives businesses the resources they need to carry out the recovery and customer notification processes. Support can range from customized victim notification letter production, to call center support to handle victim concerns, to an outside forensic expert to help investigate root causes of the breach and isolate vulnerabilities.

By providing attention and care to breach and fraud prevention, community banks can offer their business customers comprehensive, valuable services that can help to strengthen customer relationships. Community banks can also benefit since this ensures their clients’ money stays where it belongs: in the bank.

Dale Dabbs is CEO of EZ Shield Inc., a company in Palo Alto, Calif., that provides customer identify fraud protection services.