Data privacy compliance

What Small Businesses Need to Know About Data Privacy Compliance

No small business owner wants to be on the receiving end of a hefty fine or legal issue due to something as simple as mishandling paperwork or data. 

But that’s indeed a serious risk if your company is violating local data privacy regulations—especially if that mishandling results in a data breach.

Many jurisdictions are getting more serious about regulating what kind of personal data businesses can collect and how they should handle that data once they have it. Data privacy laws and regulations can be pretty complicated. And it doesn’t help that small business owners don’t usually have a ton of resources to devote to data security. 

However, data privacy and security are just as important for small businesses as they are for big ones. In fact, they may matter even more.

Understanding U.S. Privacy Regulations 

Right now in the U.S., there are plenty of laws that regulate how companies handle personal data. Unfortunately, these laws come in many different forms and from many different places.

Some federal laws regulate certain types of personal data, such as health data held by healthcare providers and insurers (thanks to the Health Insurance Portability and Accountability Act of 1996) and the personal details of kids under age 13 collected online (thanks to the Children’s Online Privacy Protection Act of 1998). The Sarbanes-Oxley Act of 2002 adds record-retention and internal-control requirements for publicly traded companies, which in practice affect how those companies store and protect financial records.

However, most data privacy laws in the U.S. that pertain to small businesses exist at the state level.


Many state data security laws require businesses to implement “reasonable security procedures and practices” to protect personal information from “unauthorized access, destruction, use, modification, or disclosure.” What counts as “reasonable” is rarely spelled out, so regulators and courts tend to judge it against common industry practice.

Most states have also enacted laws regulating data disposal (regulating how long businesses can keep personal information on file and how they should delete or destroy it) and security breach notifications (regulating how and when companies need to inform consumers that their data has been compromised). 

The details of these requirements can vary a lot from state to state, though. 

As this Council on Foreign Relations article points out regarding data breach legislation, “These laws have different and sometimes incompatible provisions regarding what categories and types of personal information warrant protection, which entities are covered, and even what constitutes a breach.” 

The laws may specify different deadlines and different notification requirements (sometimes governmental organizations have to be notified in addition to the consumers affected).

Introducing the GDPR

However, other Western countries have more comprehensive personal data rules for companies to follow. Most notably, in 2018 the European Union’s General Data Protection Regulation (GDPR) took effect; it is widely considered to be the most sweeping set of data privacy regulations yet. 

Among other things, the GDPR stipulates that organizations must have a lawful basis for every piece of personal data they collect and use. Consent is one such basis, and consumers can withdraw it at any time; another is a “legitimate interest” of the organization, which must be documented and must not override the individual’s rights. Either way, the organization has to be able to demonstrate why it holds the data and what it does with it.


Many people mistakenly assume that the GDPR only applies to companies that are located in Europe. In fact, it protects anyone located in the EU, regardless of citizenship, and it reaches any business anywhere that offers goods or services to people there or monitors their behavior. So unless you can guarantee that you’ve never collected data from someone in the EU (such as one who has opted into your email list, for example, or made a purchase from your online store), the GDPR could affect your small business directly.

Plus, even if you’ve never worked with European citizens, it’s still a good idea to start getting familiar with some of its guidelines. For one, if you do ever want to expand to a more global audience, you’ll already be prepared. But there’s also a good chance that similar regulations will directly affect your business in the near future. 

According to the National Conference of State Legislatures, the number of states with data security laws has doubled since 2016, “reflecting growing concerns about computer crimes and breaches of personal information.”

How Data Privacy Pays Off For Small Businesses

Following best practices for handling data isn’t just about sticking to the letter of the law and avoiding fines. Good data handling policies can also prevent (or minimize the damage from) data breaches.

When your customers entrust your company with their personal information, they’re putting a lot of faith in your staff. They know that once digital information is “out there,” it can be shared worldwide in seconds. Identity theft and the related fallout cause victims a lot of headaches and anxiety, to say nothing of potential financial losses. 

So, it goes without saying that mishandling your customers’ information will definitely damage your relationship with them—perhaps irreparably.

Perhaps that’s why, according to this Denver Post article, 60% of small businesses that suffer a cyber attack are out of business within six months.


Because it’s the huge data leaks at bigger companies that tend to make the headlines, there’s a bit of a misconception that only big companies are targeted by hackers. 

According to that same Post article, though, small and mid-sized businesses are hit by 62 percent of all cyber-attacks. Small businesses can be an attractive target for hackers because they’re generally more vulnerable than big corporations (which have millions of dollars to spend on security efforts). 

It’s safe to assume that it’s not a question of whether a criminal might try to access your sensitive data, but when they will try to access it. 

Plus, as consumers get more aware of the dangers of breaches, they will place an increasing value on dealing with companies that take data privacy seriously. Your security efforts can and should be a big part of your marketing efforts.

Protecting Your Sensitive Data

All of these data privacy needs can seem overwhelming at first. 

However, small business owners can meet these requirements more easily by using software tools that were built with best privacy practices in mind. Many of the best web-based software programs for businesses today have already done much of the security heavy lifting, though the responsibility for configuring access correctly, and for deciding what data to keep at all, still rests with you.


For example, many offices are now relying on cloud storage solutions like Google Drive and Dropbox to handle sensitive documents. 

These programs encrypt files in transit and at rest (note that the provider, not you, holds the encryption keys), and they have plenty of resources to dedicate to staying ahead of the curve on security. They also offer features like expiration dates on shared links, password protection, and automatic deletion that users can configure depending on their needs. 

Cloud-storage programs can also keep better track of which employees can access each file, and can make files easier to search and tag. 

Secure file sharing apps like Fileinbox keep sensitive data encrypted in transit, too, and they can be much more secure than email. A good file-sharing app like Fileinbox syncs directly with these cloud storage apps and is super-simple for customers to use.

If you’d like to try Fileinbox, the first 20 files are completely free. Click here to learn more or get started.

Emailing sensitive files

Why You Shouldn’t Email Sensitive Files (And What to Do Instead)

What happens to an email message after you lovingly craft it and hit Send?

If you’re picturing a little envelope shooting through the air from your computer and landing safely in the inbox of your friend or colleague, you may be in for a rude awakening.

The reality involves plenty of hardware and software, each with its own vulnerabilities that potential criminals can (and do) exploit to steal valuable data.

Although emailing sensitive files isn’t a guaranteed invitation for disaster, there are definitely more secure and convenient alternatives that you can try.

Let’s talk about exactly what happens when you send files over email, and other options to digitally share files instead.

Email Security 101

There are lots of ways for hackers to gain access to your valuable personal information after you send it in an email.

Perhaps the most straightforward way for them to do it is to steal your login credentials.

You’ve probably heard of data breaches where hackers have stolen account passwords from company databases, for example.


Hackers can also use software that guesses passwords for them. They may even try to get you to volunteer your own passwords by sending sketchy links that masquerade as legitimate requests for login information (these are called phishing scams). If you’re running outdated software or hardware, hackers can infect your computer with malware that gives them easy access to your digital assets.

Of course, you can do your best to protect your own email account and personal data by:

  • avoiding suspicious links, exercising a very healthy level of skepticism at all times
  • using strong passwords and using different passwords for different accounts
  • keeping your hardware and software updated to eliminate vulnerabilities
  • keeping a close eye on your computers, and making sure they’re password protected (sometimes, stealing personal information is as easy as sitting down in front of an unlocked computer at an empty desk).

The problem is that no matter how diligent you are about your own email security, you can never guarantee that the email recipient will take the same steps. And if you’re sending a sensitive file to a company, such as an accounting or legal firm, the email might get forwarded around to various employees, left to hang out in various inboxes, or downloaded to multiple servers—all of which have their own potential for security breaches.


But that’s not all. In many cases, hackers don’t even need to get access to your account or your computer to steal personal information that’s sent via email. Instead, they can go after one of the mail servers that relay your message on its way to the recipient.

Using a secure HTTPS connection (or making sure that you’re using a program like Gmail that uses HTTPS) protects the message between your browser and your email provider, so nobody on that path can read it. There’s a catch, though: HTTPS only covers that first hop. From your provider onward, the message travels between mail servers over SMTP, and those server-to-server connections are encrypted only if both servers agree to it (an opportunistic feature called STARTTLS), which you cannot verify or enforce from your end. Each server in the chain also decrypts and stores the message while it handles it. So the connection is only as secure as the weakest link, and the last hop is only protected if the recipient’s provider and mail client use encryption too.
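The hop-by-hop nature of email is visible in the message itself: every server that handles a message prepends its own Received: header, and the “with” keyword in that header records whether the hop used TLS. The following Python script, added here as an illustration and not taken from the original article or from Fileinbox, parses those headers from a constructed sample message (the hostnames, IP addresses and IDs are made up) and reports which relays saw the message in the clear. It demonstrates the general case of any number of hops, not just the three in the sample.

```python
import email
import re

# Constructed sample message (not a real capture). Three hops: the owner's
# laptop submits to the company relay over TLS, the relay hands off to the
# accountant's MX in the clear, and the MX forwards to the mailbox over TLS.
# All hostnames, addresses and IDs are invented for this example.
SAMPLE_MESSAGE = """\
Received: from mx.example-accountants.test (mx.example-accountants.test [192.0.2.30])
 by inbox.example-accountants.test with ESMTPS id abc123
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384)
 for <cpa@example-accountants.test>; Mon, 2 Mar 2020 10:03:12 +0000
Received: from relay.smallbiz.test (relay.smallbiz.test [198.51.100.7])
 by mx.example-accountants.test with ESMTP id def456
 for <cpa@example-accountants.test>; Mon, 2 Mar 2020 10:03:11 +0000
Received: from laptop.smallbiz.test ([203.0.113.5])
 by relay.smallbiz.test with ESMTPSA id ghi789
 for <cpa@example-accountants.test>; Mon, 2 Mar 2020 10:03:10 +0000
From: owner@smallbiz.test
To: cpa@example-accountants.test
Subject: 2019 tax documents

Attached are the documents you asked for.
"""

# A Received: header reads "from A ... by B ... with PROTO ...".  The PROTO
# keyword (RFC 3848) records the transport: ESMTPS / ESMTPSA mean the hop used
# TLS, while plain ESMTP / ESMTPA mean the message crossed that hop in cleartext.
HOP_RE = re.compile(
    r"\bfrom\s+(?P<src>\S+).*?\bby\s+(?P<dst>\S+).*?\bwith\s+(?P<proto>[A-Za-z0-9]+)",
    re.IGNORECASE,
)
TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA", "SMTPS", "UTF8SMTPS", "UTF8SMTPSA"}


def parse_hop(received_value):
    """Parse one Received: header value into {'src', 'dst', 'tls'}, or None."""
    flat = " ".join(received_value.split())  # unfold continuation lines
    match = HOP_RE.search(flat)
    if not match:
        return None
    proto = match.group("proto").upper()
    # Some servers (e.g. Gmail) also spell out the TLS version in a comment.
    tls = proto in TLS_PROTOCOLS or "VERSION=TLS" in flat.upper()
    return {"src": match.group("src"), "dst": match.group("dst"), "tls": tls}


def trace_hops(raw_message):
    """Return the hops in chronological order (sender first).

    Each relay prepends its own Received: header, so the header list reads
    newest-first and is reversed here.  Caveat: any server in the path can
    write whatever it likes into the headers it adds, so only headers written
    by servers you control are trustworthy evidence of what happened.
    """
    msg = email.message_from_string(raw_message)
    hops = [parse_hop(value) for value in msg.get_all("Received", [])]
    return [hop for hop in reversed(hops) if hop is not None]


def cleartext_relays(raw_message):
    """Names of servers that received the message over an unencrypted hop."""
    return [hop["dst"] for hop in trace_hops(raw_message) if not hop["tls"]]


if __name__ == "__main__":
    for hop in trace_hops(SAMPLE_MESSAGE):
        status = "TLS" if hop["tls"] else "CLEARTEXT"
        print(f"{hop['src']:32} -> {hop['dst']:32} {status}")
    print("Servers that saw the message in the clear:", cleartext_relays(SAMPLE_MESSAGE))
```

Run against a real message (copy the raw source from your mail client’s “show original” option), the script shows the same thing the sample does: you can confirm that your own provider used TLS, but whether the hop into the recipient’s provider was encrypted was decided by two servers you don’t control.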

Plus, it’s worth mentioning that anyone sharing the sender’s or the receiver’s local network at the time the file is sent may be able to see the file, too, if that first or last hop isn’t encrypted. This is why you’ve probably heard that it’s a bad idea to send and receive sensitive files over public Wi-Fi connections, like those in a coffee shop. It’s also why you need to make sure that your home or office Wi-Fi uses a modern encryption standard such as WPA2 or WPA3 rather than an open network.

The Risk of Breaches

Maybe it’s a little hard to believe that these criminals would actually bother trying to come after your email, out of all of the emails in the world. Don’t hackers actually focus their energies on the big companies that have loads of data to steal?

Unfortunately, the answer is no.

Although those big hacks are the ones that tend to make the headlines, that doesn’t necessarily mean that large companies are the only ones being targeted. Savvy criminals may rightly assume that small business owners can’t exactly spend the huge money on security that bigger companies can, and that makes small businesses ideal targets.

Personal computers aren’t safe, either. The use of malware—and ransomware, in particular—has continued to rise over the years for pretty much everyone. With these data breach incidents soaring, good attention to security is only becoming more important.


Alternatives to Email

Maybe at this point you’ve realized using email to send your sensitive personal or financial information is a bad idea.

But what are you supposed to do instead? Hop on your horse and buggy and deliver the papers by hand?

In fact, some people still do opt for snail mail and even fax (!!) to send sensitive files.

These paper files may indeed be more secure than email while they’re moving from one place to the next. However, don’t be fooled: transferring your digital info to paper doesn’t guarantee its security.

Hard copies of sensitive files can be left lying around visible on someone’s desk, for example, or just hanging out in the trash can. In some offices, any paper files will simply be digitized by staff and exposed to the same security threats that other digital files face.

Plus, paper-reliant options are slower, and they come along with plenty of equipment-related headaches (odds are that your recipient doesn’t even have a working fax machine anymore).

Thankfully, you can still send your files digitally while keeping them secure.

Alternative: Use a Cloud Storage Solution

The main security benefit of programs like Dropbox and Google Drive is the guarantee of a secure connection. Unlike email, where the message passes through a chain of mail servers you don’t control, the upload and the download both happen over HTTPS to the same provider, so there is no unencrypted relay in between.

These cloud-based file sharing programs also allow more control over who has access to the files once they’re sent, thanks to user permission levels and login protections such as two-factor authentication.

Finally, because these cloud-based solutions have dedicated security teams working to keep their data secure, there’s less of a chance of a breach due to someone neglecting to update their hardware, software, and firewalls (which is exactly the kind of thing that happens in typical small office environments).

The biggest downside to using a shared cloud storage program is that you will have to create an account with the same program your recipient uses in order to share your files. Creating a bunch of new accounts to send files and keeping track of the logins for those accounts can be a huge hassle.

Alternative: Use a File Sharing App

Perhaps the best solution for securely sharing files is to use an app that was specifically developed for that purpose.

These apps are similar to cloud-based file storage solutions, but with several more helpful features. Specifically, they make it super easy for users to share files without creating an account. They also connect with a variety of common cloud-storage apps to make it easier for recipients to organize the files the way they like.


The best file sharing apps, such as Fileinbox, allow recipients to publish a user-friendly, on-brand, HTTPS-only page where senders can simply drag and drop their sensitive files. There are no hoops to jump through, and every upload travels over an encrypted connection.
If you want to try it for yourself, sign up for a free, 7-day trial. Fileinbox also offers a money-back guarantee if you’re not completely happy. Click here to get started.