Data Security for Pole Business: What It Is, Why You Need It, and How to Get It (Part 2 of 2)
In Part 1 we talked about creating contact information that is unique to your business, rather than using your personal data (like phone, address, and email). We also talked about how important it is to create strong passwords and how to protect them.
In this post, we’re diving beyond those basics—so buckle up!
Going Beyond the Data Security Basics
Beyond the things you need to do yourself, let’s talk about data privacy and security for your website and how you capture customer data and financial information.
Whatever point of sale system you have for your business should have consumer data privacy and security associated with it.
Programs like Square and QuickBooks have protections built into their software. Before you purchase a point of sale system, make sure it’s protecting your customers the way you want, especially if your system allows customers to keep a card on file.
Scheduling services like IPIA partner WellnessLiving each have their own (private) protocols for keeping your customers’ data safe. Any reputable scheduling software will have (at least some) security protocols.
If you (the business owner) are not the only one accessing the administrative side of the business, ask yourself these questions:
- Do you have an administrative assistant?
- Do your teachers assist with administration? Or your mom? Your spouse?
Make sure each individual person has their own login, even if you have to upgrade to a more expensive version of the software.
This is imperative so you can revoke someone’s access the moment they leave your company (even if it’s on good terms, terminate their access immediately). Failure to do this can lead to vulnerabilities in your system (maybe not from the former employee, but the more active administrative or administrative-esque logins there are, the more avenues of attack there are for the people trying to steal your information).
Additionally, if everyone is using one login, this can prevent automated checks from flagging suspicious activity. It also leaves a muddy audit trail if things go sideways: you won’t have a clear record of who did what and when.
The other thing IPIA’s resident cybersecurity guru suggests is getting some kind of dark web monitoring service for your personal information and your business information.
Some banks and credit cards offer a form of identity and dark web monitoring, but IPIA’s resident cybersecurity guru is a little more paranoid than most and recommends getting additional monitoring. She recommends NordVPN, which is a virtual private network that provides dark web monitoring as part of its services (and a password manager if you’re looking for an all-in-one solution!).
You can add multiple data points to monitor, like personal and business emails, multiple phone numbers, social security numbers, etc. As soon as you are alerted that your information is on the dark web, you should change your passwords to something new (never reuse old passwords, because they’ve probably been leaked or scraped from somewhere) and, if you can, change your username too (and not just to an enumeration of your current username). It doesn’t matter how safe your password is if it ended up on the web in clear text.
Physical Data Protection
You’ve made it all the way here without running away! Congrats! Now let’s dive into physical data protection.
Ask yourself these questions:
- Do you have your students sign a safety waiver before class? Is it a physical waiver?
- Do you enter that information somewhere?
- Do you store the physical copies?
The standard for storing people’s personal information in physical form is generally behind two locks: for example, in a locked file cabinet inside a locked room. If you are entering the information somewhere digital (with all the security measures we talked about above), then you are responsible for the proper destruction of the physical information (typically shredded with a crosscut paper shredder).
Additionally, IPIA’s resident cybersecurity guru recommends avoiding writing paper checks at all costs.
Checks contain an insane amount of information: your name, your business’s name, your business’s address, your bank account number and routing number, and your signature–basically everything someone needs to steal your bank account and your identity. If you can do a digital transaction, DO IT. Even if there is a transaction fee. A $50 transaction fee is DEFINITELY worth avoiding the headache of having your business’s identity stolen.
All this security information may feel really overwhelming.
We understand! We didn’t start our businesses with all these best practices in mind either. You may not have started here, but with a little bit of work, you can transition your business to follow these guidelines. Data thieves are looking for the lowest-hanging fruit, so elevate your business to protect your assets!