Late last year, Target Corp. revealed a massive data breach of its systems, resulting in 70 million customer records being compromised.

Recently, they revealed that the hackers got in initially through credentials stolen from a Target vendor.  There are some lessons here for the small business owner, regarding security:

1. Many successful data breaches are accomplished through “social engineering”.  This means using non-technical means to gather sensitive data or passwords.  For instance, calling technical support and impersonating the real account holder – convincing the rep to reveal information about the account.
2. Your security is only as strong as its weakest link.  This may be your web software, your hosting provider’s security, employees, your smartphone, or the filing cabinet where you store customer information.
3. You should monitor your security regularly to prevent breaches, or catch a problem early on.

Here are a few points for reviewing your data security:

• Who has passwords to your website?  Any time an employee or consultant leaves your business, you should change passwords.
• Where / how is sensitive data handled?  Do you clean out unnecessary information (like credit card info), etc.  on a regular basis?  Have you reviewed PCI guidelines if you are an online vendor?
• Do you proactively update your web software to make sure any security issues are addressed?  Do you have someone who understands web security who can review your site occasionally?

A data breach can literally wipe out a small business.  Customers lose confidence in you, they may sue you, and your credit card company may cancel your merchant account.  So it’s important to pay attention to the threats out there, and be proactive about security.