In light of recent events in the news regarding large companies and data breaches, now is a really good time to do an internal audit of your security procedures. Most companies in our industry store some sort of client data, specifically as it relates to orders (names, addresses, credit cards, etc.). While we must store this data to conduct business, it’s a good idea to minimize the risk with a few simple steps.
- If you must store credit cards, do so for only as long as needed. Destroy any card information as soon as you can. Not having data to steal is one of the best ways to stay secure.
- Do not ever email credit card or sensitive client information. Most email is not secure and can be easily read by hackers. This is especially true if you use public wi-fi access points, such as airports or coffee shops.
- If you must store the credit card CVV code, destroy it as soon as the transaction is processed. We recommend that you never store this information. Most credit card companies have specific rules on storing information, and we recommend you consult them to verify you are complying with their specific rules and requirements.
- Do not use one password for all of your accounts. This one seems simple, but if you use the same password across all accounts, it makes it substantially easier for a hacker to gain access to your information, and possibly client information.
- Use complex passwords for your accounts. Is it easier to guess 123456, or p@$$w0rd8217? While hackers don’t actually try to guess the password on their own, they do have software that does it for them. Hackers can try thousands of passwords without ever lifting a finger, making it very easy to hack weak accounts.
- If you find it difficult to remember passwords, use password management software, such as KeePass or Dashlane. These allow you to store complex passwords in an encrypted database, so you only have to remember one password to gain access to multiple accounts. You can get Dashlane at http://www.dashlane.com and KeePass at http://www.keepass.info.
BrightStores is always taking steps to ensure your client data is safe. We recently released a security upgrade that makes it much harder for a hacker to guess passwords of accounts in our system. We are also forcing all users to use stronger passwords on new accounts, or when they change their password.
In the next few months we are planning on releasing additional security upgrades and enhancements. Stay tuned for more information!
Joshua N, Director of Information Technology