Decrypted | Insights from Virtru to Unlock New Ideas

A Data Protection Guide for Small Businesses

Written by Editorial Team | Apr 24, 2020 1:57:22 PM

As a small business owner, you probably know the concept of wearing multiple hats all too well. With all that is on your plate, it’s not always easy to take a step back and consider data protection and the implications on your business. But, armed with the knowledge of why data protection matters and the right technology, you can put your business in an even better position to succeed. After all, the cost of protecting your data far outweighs the cost of a data breach.

Why Does Data Protection Matter for Small Businesses?

In today’s business landscape, where more and more interactions and transactions are taking place online and where data is the backbone of your business, small businesses simply cannot afford to not take data protection seriously. If there’s one thing to remember about data protection for small businesses, it’s that personally identifiable information (PII) is flowing all throughout your business and therefore must be protected in order to protect your business.

To illustrate how critical data protection is for small businesses specifically, take a look at what recently happened at the Small Business Administration (SBA). The SBA is the agency overseeing relief to small businesses during the coronavirus pandemic, and recently confirmed that some loan applicants may have had their PII exposed to other loan applicants.  “Personally identifiable information of a limited number of Economic Injury Disaster Loan applicants was potentially exposed to other applicants on [the Small Business Administration’s] loan application site,” SBA spokeswoman Carol Wilkerson confirmed.

Even without the added pressure of protecting your business during a pandemic, it is important to know that data protection is always critical. In fact, it can quite literally make or break your business. Other examples of critical data protection needs for small businesses include sharing sensitive financial information with potential business partners, communicating confidential HR matters with one of your employees, and protecting customers’ data in accordance with data privacy regulations.

Data protection may feel like a daunting task but its significance cannot be overstated; here’s what you need to know to get started.

PII Protection for Small Businesses

What is PII?

PII is any data that can be used to identify a specific individual. Along with the more traditional types of PII—such as name, mailing address, email address, date of birth, Social Security number and phone number—the scope of what is considered PII has broadened to now include IP addresses, login IDs, personally identifiable financial information (PIFI) and even social media posts. 

PII can be broken down into two categories: sensitive and non-sensitive.

  • Non-sensitive PII can be easily gathered from public records—such as an individual’s ethnicity, gender, or zip code. This type of data is often readily available and if it ends up in the wrong hands, likely does not cause any harm to the individual.
  • Sensitive PII—such as passport, driver’s license or Social Security numbers—however, can cause harm if it ends up in the wrong hands.

Protecting PII with the appropriate levels of security can shield your Small business from lost revenue, reputational damage, or noncompliance fines.

How Can Small Businesses Protect PII?

PII is attractive to bad actors who can sell it or use it against you. Therefore, it is imperative that no matter the manner in which your business uses it, you secure PII at all times. Failure to do so leaves you exposed and at risk of attacks, heavy fines, and loss of customer trust. Here are six practical steps you can take to begin securing PII today: 

  1. Identify the PII your business collects, processes, and uses. 
  2. Locate where PII is stored to get a better understanding of which systems you need to protect.
  3. Classify PII in terms of sensitivity—the likelihood of being compromised and the possible consequences of the data being exposed.
  4. Establish an acceptable usage policy that defines who can access PII and the acceptable way(s) to use it.
  5. Implement an encryption solution that fits seamlessly with the way you work today.
  6. Back up your solution with training for employees and customers, as needed.

What Should Small Businesses Do to Comply with GDPR and CCPA?

The first of it’s kind in the U.S., the California Consumer Privacy Act (CCPA) has been referred to as “California’s GDPR” largely because both laws force organizations to change the way they do business in order to satisfy customer concerns around their personal data. Both the CCPA and the EU’s General Data Protection Regulation (GDPR) give consumers the right to know what information is collected about them, what information is shared or sold, and who that information may be shared with or sold to.

Despite common misconceptions, GDPR and CCPA do in fact apply to small businesses. The two regulations are largely similar in principle but have different nuances that are important to understand. Protecting sensitive data with encryption is not an explicit requirement for either CCPA or GDPR compliance, but it is encouraged. Critically, data that is encrypted may avoid fines in the event of a breach. 

How can Virtru Help Small Businesses Meet GDPR and CCPA Compliance?

Small businesses can’t afford to just hope that their partners (including the SBA), employees, and other individuals are doing the right thing and taking the necessary steps to protect sensitive data. Instead, small businesses can rely on Virtru’s email and file protections to offer data-centric security via end-to-end encryption that prevents unauthorized access and enables persistent control and visibility as sensitive data is shared. With data-centric security in place, you will always remain in control of your data, even after it has been shared.

Virtru’s user-centric approach also ensures protections are embedded directly into email (Gmail or Outlook) and file (Google Drive) workflows that you and your team are already familiar with, ultimately driving up adoption rates and making data protection easier for everyone involved. 

If your organization is interested in learning how Virtru can help modernize your service delivery models and internal collaboration workflows, contact us to see how easy it is to keep your business’ data private and compliant.