When Data Breaches Happen: Ways to Protect Your Small Business
Are data breaches like Equifax's an inevitable part of doing business? Not if your small business takes the necessary steps to keep sensitive data safe.
Last week’s data breach at Equifax comes on the heels of countless other data breaches at big and small businesses alike. But are data breaches now an inevitable part of doing business?
No, not if your business ensures it’s taking the necessary steps to keep all sensitive data safe.
How a data breach can affect employee information
Last year, for example, when a data breach hit HR outsourcing firm ADP and compromised the personal data of employees from more than a dozen of ADP’s clients, we provided a list of actions businesses could take to keep their employees safe. Some of the tips are simple: changing passwords regularly and requiring complexity is something employees can do to help prevent access to their personal information. Also on the list was ensuring security audits were frequently performed by an outside resource.
We did, however, leave one item off that list: install all patches ASAP. Not doing so may have been the cause of the Equifax breach. Why did we miss the suggestion? Because companies in the business services industry should already be taking care of this for their customers. At Stratus.hr, we ensure all of our clients’ employee data is encrypted. We take care of the updates and patches ourselves; these are done on OUR end and they’re not dependent upon any client action. Stratus.hr is also SSAE 16 SOC 1 Type 2 certified, meaning we have been audited by an independent firm to verify our systems and controls are secured. We have electively pursued the SSAE 16 third-party audit to ensure our client information is protected. This thorough audit also identifies inefficiencies or areas for improvement, in the event something has been overlooked. (For more information about the SSAE 16 audit, please visit www.aicpa.org.) It’s just another step in ensuring security isn’t compromised.
Steps all businesses should take to protect sensitive data
There are, however, measures we ask our HR clients to take, too. Watch for scams. Create strong passwords. And call us whenever you have a concern.
No one ever wants to be the victim of identity theft. You can find more details about keeping employee data safe in the following articles.
- IRS Warns of W-2 Scam Targeting Payroll and HR Departments
- Preventing Security Breaches – What You Can Do
- ADP Employees Hacked – Is Your Company Safe?