It’s been quite the year for hackers – first around Thanksgiving, they attacked Sony, then they targeted the Anthem database in January, went after government security clearance data in June, and breached the notorious Ashley Madison affair website in July. These attacks embarrassed employees and business owners, put millions of dollars at risk, infuriated customers, and alienated online users.
Unfortunately, these security breaches are just a few that have made the headlines in the past 12 months. (You can see a summary of the world’s biggest data breaches here.)
But it’s not just big businesses that are being targeted. Smaller businesses are just as likely to be hacked as large organizations (See pg. 5 of Verizon’s “2013 Complete Data Breach Investigation”). Think about your funeral home and all the data you have access to – social security numbers, credit card numbers, and other personal information. Do you have policies in place to protect your customers’ information?
At OGR’s Fall Forum this past weekend in Indianapolis, Eric Castiglia of OGR Supply Partner Memorial Payment Solutions presented on data security and how to keep your “back door locked.” Eric shared how small businesses aren’t immune to breaches, especially if there isn’t enough security in place.
What would you do if your funeral home experienced a security breach? Can you imagine calling the families you’ve served and telling them they need to cancel their credit cards and that the personal information they entrusted you with has been compromised? You’d risk losing their trust, your reputation, and eventually their business. A security breach is a potential disaster for any small business.
It’s imperative to protect your business and the families you serve. Here are a few next steps from Saturday’s presentation.
Implement a security policy and email/Internet usage policy.
Maintain a policy that addresses information security. It should outline numerous components including employee roles and responsibilities, risk assessment, security training and awareness, logical access control, and physical access control.
Do you know what your employees are doing while they’re on the computer at work? Do you have instructions outlining acceptable uses for company computers? Implementing and updating a security policy will answer these questions and more.
Update your firewall.
When was the last time you updated your firewall? It’s imperative to install and maintain a firewall configuration that will protect cardholder data and other sensitive information. OGR will be exploring these guidelines and more in a webinar next month.
Create better passwords.
By better passwords, we mean passwords that use 12 characters, upper case and lower case letters, numerals, and symbols. Make the password a phrase that only you can remember.
Change your password every 90 days. Make sure each user of your system has a unique user ID and password. Don’t share your user ID or password with other staff members. Don’t leave it on a sticky note at your computer.
And for heaven’s sake, don’t be like Michael from “The Office” and make it as simplistic as using “incorrect.”
Register for OGR’s webinar.
Do you need to update what you’re already doing? Join us for our free* webinar on November 3 with Eric and learn about how you can maintain your funeral home’s data security and ensure you’re using the right standard (through something called the Payment Card Industry Data Security Standard). This webinar will be a repeat of his Fall Forum presentation, and we’re offering it free to OGR members. It will contain all the tips you need to get started on protecting your firm from a data breach. (*OGR Members: Free for no credit or $50/person for CE credit – in states where approved. Nonmembers: $75/person, which includes CE credit in states where approved.)
By Jessica A. Smith,
Assistant Executive Director