<img height="1" width="1" style="display:none;" alt="" src="https://px.ads.linkedin.com/collect/?pid=5678177&amp;fmt=gif">

    Best Online Privacy Practices for Small Business

    by Michael Williams
    6 min read
    laptop keyboard with caution sign on keyboard button

    As a small business, you generate and collect two types of data – company and customer information. The onus is on you to protect both; losing your business data could render you unable to operate and losing client data invites all kinds of unwanted legal action.

    At the same time, failure to protect customer data could seriously damage your reputation and lead to a loss of revenue for years to come. Additionally, fines and penalties from regulations likeGDPR and CCPA could have a big impact on your bottom line. In short, it’s highly advisable to maintain best practices when it comes to online privacy. For your convenience, those are listed below.

    Use SSL Encryption

    Secure Sockets Layer (SSL) encryption is a simple, effective way to protect data. Make sure your website uses the HTTPS protocol and has an SSL certificate. This means that all communications are encrypted and can only be unencrypted once they reach their intended destination. If data falls into nefarious hands in transit, it will be indecipherable.

    Use a Virtual Private Network (VPN)

    A VPN establishes a  closed, private network on top of the public network of the Internet. An easy way to understand the concept is to think of it as an online channel that only certain people have access to.

    Where possible, you should use a VPN and SSL encryptions. Their effects may seem similar, and indeed they are, but when it comes to data protection an important best practice is to build redundancy into your system. One measure might fail, but it’s unlikely that all of them will fail at the same time.

    This redundancy is also why many businesses use multiple storage platforms – if information exists on hardware, in the cloud and in a hard copy, getting operations up and running after any kind of incident will be much simpler. Of course, all data storage must be protected.

    Encrypt Data on Devices

    Data stored on devices should also be encrypted, which is quite simple if the files aren’t accessed frequently. For small businesses that frequently utilize a Bring Your Own Device (BYOD) policy, this is especially crucial.

    Activating the encryption on desktops, tablets and smartphones is simple. The specific steps vary depending on the device that you’re using but finding the instructions shouldn’t take more than a few moments.

    Mobile Device Management (MDM) systems are also vital in BYOD situations. The MDM allows you to remotely wipe data and even locate a machine if it gets lost. In addition, most MDMs offer data segregation so your staff can keep their personal and professional files separate.

    Companies can reduce the probability of a data breach and thus reduce the risk of fines from GDPR and CCPA in the future, if they chose to use encryption of personal data.

    Step Up Password Security

    Although almost everyone understands the importance of creating strong passwords for every account containing sensitive information, many people still simply do not do so. Remembering a large number can be challenging, which is  why it’s advisable to use a password manager.

    Password managers create, store and retrieve strong passwords quickly and simply, so individuals don’t need to try and memorize all their access keys or share them with others – which can compromise security considerably.

    If your employees are choosing their own passwords, make the requirements as strict as they are for customers that log into your site; stipulate that they must contain letters, numbers and symbols, that they must be at least eight characters long, and that they should be changed regularly.

    Enforce Two-Factor Authentication (2FA)

    As effective as passwords are as a first line of defense, they are not infallible. As mentioned earlier, nothing is, and redundancy in privacy and security systems is the way to go. With that in mind, 2FA is another advisable but often ignored process.

    With 2FA, an individual must provide two means of authentication instead of just one. The idea is that only people with legitimate access to accounts or files will be able to provide both. For instance, when you log into a site you might be prompted to enter the One Time Pin (OTP) that’s sent to your phone.

    You can  institute 2FA on your customer-facing site to ensure that their information is more protected and that your company doesn’t inadvertently share it with hackers, as well as within your company to make sure that internal information transfers are not intercepted, using any of the 2FA apps available.

    Enforce System Audit Log Creation

    All computer systems associated with your organization should create audit logs to record and track login data. In the case of a security breach, investigators will have a way of tracing and potentially identifying where the problem occurred.

    Draft and Publicize Your Privacy Policy

    A company’s privacy policy is defined as a document that explains how they will collect, store, use and share their  clients’ data. In other words, your privacy policy details your privacy practices. You are obligated to make it accessible and understandable, and to keep it up to date.

    Make sure that you keep the policy’s language simple and not bogged down in legalese. You should also explain how updates will be announced and ask customers to agree to the procedures before any transactions or other business is conducted.

    Once you’ve drawn up your document, consider getting professional legal advice to make sure that you have covered all facets. Then, make the policy as public as you can; easily visible within a physical store, and clearly displayed on your website. Publicizing your privacy policy is a central tenet of regulations like GDPR and CCPA; failure to do so can put your company out of compliance with these regulations.

    Closing Remarks

    Failure to protect both business and client data  can have long-lasting ramifications. Losing business data can make it impossible to trade and to manage internal company affairs and losing client data can put off repeat customers and create legal nightmares.

    Good privacy practices are thus essential, and it’s equally important to make them transparent for today’s sophisticated consumers. This is true for companies of any size, but larger corporations are better equipped to do so and to deal with any fallouts, simply because they have more resources.

    Small businesses are especially vulnerable and should be particularly careful to use best practices. Taking the time to put the correct measures in place will save considerable time and money in the future. Your operations and reputation will be all the better for it.