This is a guest contribution by Nick Rojas
We live on the internet. It is an integral part of our contemporary lives, and that means our precious data is stored and disseminated across the internet. The internet has brought great opportunities for entrepreneurs from all over the world, who can offer their services directly to customers. This cuts out the middleman, and by running a business online, it is possible to generate passive income easily.
Unfortunately, all that data floating around on the internet is a prime target for hackers and other malicious actors looking to exploit unprepared businesses. Moreover, many small businesses (SBs) are unaware of how potent the threat is. If you store sensitive customer data, it is absolutely essential you pay attention to internet security. If you think your passive income business is too small or too inconsequential to be a target, you’re wrong: automated attacks are designed to hit every business they can find – that’s the reason the attack is automated in the first place.
Let’s look at how to defend your business and your customers.
The Threat to Personal Information
The main threat is theft of personal data. Most customers are completely open to giving you their credit card numbers because they trust your business, but this information alone is sufficient to process a transaction. It is actually quite easy to steal credit card numbers.
Credit card numbers have short shelf-lives. They can easily be replaced. If you are hoarding long shelf-life information, like Social Security Numbers or addresses, these are also at risk of being stolen. Any information that you may deem private or confidential is at risk and should be protected.
There are two avenues of theft. One is watching traffic between your site and the customer; the other is downloading the information directly from your (the business’s) computers. How can we reduce the chance of either of these events occurring?
Encryption may seem like a daunting task that requires an entire IT team. Luckily for data security, that is not true. Encrypting your computers at the office is rather easy, and you can encrypt just the files with the customer data, or you can encrypt the entire machine.
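Full-disk encryption (FDE) is easy to implement, does not reduce operation speeds, and makes life much easier for your employees. When a hacker breaks into your network and downloads the customer data files, if they’re encrypted, the thief only receives a useless jumbled mess of letters and numbers. There is no useful information for them, and your customers are safe. For that to hold against an intruder on a running machine, the customer data files themselves need to be encrypted; full-disk encryption on its own protects a machine that is lost, stolen, or powered off, because the disk is unlocked while the machine is in use.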
The other attack avenue, watching traffic, is performed when customers visit your website. If you are collecting information over unencrypted channels (HTTP instead of HTTPS), you are asking your customers to shout their information to the entire world. Not many people are listening, but it only takes a single bad actor listening for your customer, and your business, to be in trouble. So make sure you use HTTPS connections for customers.
Furthermore, if any of your employees work remotely, at the very least use HTTPS connections to the office. However, it is better to use VPNs; these act like tunnels, blocking criminals from watching employee activity.
It is tempting to collect as much information as possible: addresses, birthdays, phone numbers, credit card numbers, times of visits, the locations from which your website was accessed (by IP), and so on. But if you collect that much information, you need to protect that much information. If your business does not absolutely require a piece of information, avoid requesting it. That will reduce your liability when a hack occurs.
Outsource to the Big Players
If you run a small online business solely for passive income, you probably don’t want to spend any time on security. In that case, you may want to outsource the most sensitive transactions (credit card processing, data storage) to tech titans like Amazon and PayPal. They boast some of the world’s most advanced teams of security experts, and they offer their services to you for a small fee.
Of course, if you want to store some data on your own machines, that’s perfectly fine. But remember to encrypt it, so when it is stolen, it is useless for the thief.
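The two pieces of advice above (collect only what the business requires, and leave card handling to a payment processor) can be enforced in code before anything is written to storage. The following Python code is an added example, not part of the original article; the field names, the `payment_token` field and the sample submission are assumptions made for illustration.

```python
import re

# Assumption: the only fields this hypothetical shop needs to fulfil an order.
REQUIRED_FIELDS = {"name", "email", "shipping_address", "payment_token"}

# 13-19 digits, optionally separated by single spaces or dashes.
CARD_CANDIDATE = re.compile(r"\b(?:\d[ -]?){13,19}\b")


def luhn_valid(digits: str) -> bool:
    """Return True if the digit string passes the Luhn checksum used by payment cards."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit, counting from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def contains_card_number(value: str) -> bool:
    """Detect a 13-19 digit run that is Luhn-valid, i.e. looks like a real card number."""
    for match in CARD_CANDIDATE.finditer(value):
        digits = re.sub(r"\D", "", match.group())
        if 13 <= len(digits) <= 19 and luhn_valid(digits):
            return True
    return False


def minimise(submission: dict) -> dict:
    """Keep only required fields; refuse to store anything that looks like a card number."""
    record = {k: v for k, v in submission.items() if k in REQUIRED_FIELDS}
    for field, value in record.items():
        if contains_card_number(str(value)):
            raise ValueError(f"card number found in '{field}'; store the processor token instead")
    return record


# Constructed sample submission; 4111 1111 1111 1111 is a widely published test card number.
sample = {
    "name": "A. Customer", "email": "a.customer@example.com",
    "shipping_address": "1 Example Street", "payment_token": "tok_constructed_123",
    "birthday": "1990-01-01", "card_number": "4111 1111 1111 1111",
    "ip_address": "203.0.113.7",
}
stored = minimise(sample)  # birthday, card_number and ip_address are never persisted
```

The record that reaches storage holds only the four required fields, so a stolen copy of it contains no card number, birthday or IP address.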
Nick Rojas wears many hats — business consultant, serial entrepreneur, business and technology journalist. For the past 20 years, this self-taught marketing strategist has worked with small to medium-sized businesses offering his personal brand of expertise. His latest adventure includes working with Brilliance.