Online privacy best practices you should implement in your small business


Has the term “online privacy” become an oxymoron? To have privacy is to have the ability to choose what we disclose about ourselves to others and impose limits on how our information can be used. However, it seems that every other day, we hear about IT systems being breached, customer data being stolen and sold on the dark web, and data scrapers obtaining information about us without our permission.

Commerce, be it in person or online, requires businesses to uphold privacy. This is because customers trust merchants and service providers with their payment card information, contact details, and personal and/or private information. If a company does not fulfill this fundamental requirement, then people will not do business with them. To win and keep the trust of your customers, implement these online privacy best practices in your business.


For employees

Some staff members are more at risk of getting hit with cyberattacks such as phishing scams than others. These “very attacked persons” or “VAPs” can be account managers who handle cash transactions for the company, or public relations officers or HR personnel who need to be highly visible online. Prioritizing your VAPs is a great way to immediately level up your data privacy protection efforts, though having all employees exercise online privacy practices is obviously best for your business.

Have staff members limit their visibility on social media

We’re not saying that your company should censor your employees, but rather that they should limit who can see what they post on social media. If left unrestricted, information about them can be easily gleaned off the web, and that information can be used by spear phishers to send them convincing spoofed emails.

To illustrate, let us say that an employee wrote a Facebook post about their bank. Phishers can then send them an email that looks and reads like the ones that the bank sends. That spoofed email might say that the bank has recently suffered a data breach, and that clients must update their account credentials in case their current ones were compromised. The recipient clicks on the link provided in the email, lands on a fake login page, and inadvertently gives their bank account credentials to the cybercriminal.

Prohibit the use of unencrypted channels and storage for private information

Don’t let employees store sensitive company files unencrypted or transmit these using messaging apps such as Facebook Messenger. This is to prevent your data from being exposed in case employees’ user accounts are taken over by hackers.

Furthermore, when sending and receiving files or messages, do so over a channel with end-to-end encryption. This way, not even the service operating that channel can read them, and hackers won’t find anything useful if they break into the channel’s servers or try to intercept your communications via man-in-the-middle attacks.

Encourage good password habits and the use of multifactor authentication (MFA)

One good habit is to always use unique and strong passwords for every account. This is because if the credentials for one account are stolen and other accounts also use those credentials, then all of those accounts will be compromised.

Moreover, requiring staff to present an additional authentication factor, such as a fingerprint scan or a hardware security key, will keep their accounts locked away from anyone who steals their primary credentials.

For customers

Customers will also have to do their part in protecting their own online privacy, and you can help them accomplish this by doing the following:

Secure customer accounts with MFA

Some customers may find having to take extra steps before they can access their accounts a nuisance. But they'll feel safer and at ease knowing that their accounts can't be easily hacked because of the additional protection MFA provides.

Automatically sign out inactive customers

Some online services, such as Gmail, allow customers to remain logged into their accounts until they sign out. While this is convenient, it also leaves the account open to anyone who gets hold of the device. For instance, if one of your customers leaves their smartphone or computer unlocked, anyone can easily access the information on the device, including any account that is still signed in. To prevent customers’ accounts from being taken over this way, automatically log out customers after they’ve been idle for a certain amount of time.
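As an added example (not code from the article or from NetQuest), here is a small server-side session store that enforces the idle timeout described above, plus an absolute lifetime and a way to terminate all of a user’s sessions after a suspected compromise. The 15-minute and 8-hour values and the class and function names are assumptions chosen for illustration; the clock is injectable so expiry can be tested without waiting.

```python
import secrets
import time
from dataclasses import dataclass
from typing import Callable, Dict, Optional

# Policy values are assumptions for this example, not figures from the article.
IDLE_TIMEOUT = 15 * 60        # sign out after 15 minutes with no requests
ABSOLUTE_LIFETIME = 8 * 3600  # force re-login after 8 hours even if still active

@dataclass
class Session:
    user: str
    created_at: float
    last_seen: float

class SessionStore:
    """Hypothetical in-memory server-side session store with idle and absolute expiry."""

    def __init__(self, clock: Callable[[], float] = time.time):
        self._clock = clock              # injectable so expiry can be tested without sleeping
        self._sessions: Dict[str, Session] = {}

    def create(self, user: str) -> str:
        now = self._clock()
        token = secrets.token_urlsafe(32)  # unguessable session id, never derived from the user
        self._sessions[token] = Session(user, now, now)
        return token

    def touch(self, token: str) -> Optional[str]:
        """Validate the session presented with a request. Returns the user if it is still
        live; otherwise deletes it server-side and returns None (caller redirects to login)."""
        s = self._sessions.get(token)
        if s is None:
            return None
        now = self._clock()
        if now - s.last_seen > IDLE_TIMEOUT or now - s.created_at > ABSOLUTE_LIFETIME:
            del self._sessions[token]    # expired: forget it on the server, not just in the browser
            return None
        s.last_seen = now                # activity extends the idle window, not the absolute cap
        return s.user

    def sign_out(self, token: str) -> None:
        self._sessions.pop(token, None)

    def revoke_all_for(self, user: str) -> int:
        """Terminate every session of one user, e.g. after a suspected account compromise."""
        doomed = [t for t, s in self._sessions.items() if s.user == user]
        for t in doomed:
            del self._sessions[t]
        return len(doomed)
```

Pair this with a short cookie lifetime so the browser also discards the session id, but treat the server-side check as the one that counts.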

Send helpful reminders about staying safe online

Customers appreciate it when you show care and concern for their online privacy. Reputable banks, in particular, will send emails warning against scams and reminding customers that they will never be asked to verify their banking accounts via email.

If and when you suspect that your customers’ accounts with you are compromised, promptly inform them

Notify affected parties immediately of a compromised account so they can take the necessary steps to protect themselves. They can change their credentials or close their accounts and create new ones. Plus, if their compromised accounts utilize reused passwords, they can change the credentials of other accounts that use the same password.

Beyond promptly notifying them, provide them with the resources they need to resolve their issues and concerns. For instance, you can offer them a hotline they can call in case they need further information.

In addition to using our tips above, you can further ensure the online privacy of your employees and customers by leveraging cost-effective cybersecurity tools. In this regard, let our IT experts at NetQuest be of service. To learn more, send us a message today.

