
Recent studies show that 60% of businesses fail in the first six months of operation due to hackers and cyberattacks. As an online business with most of your operations in the digital space, your company is even more at risk of malware, viruses and data theft. You’re surely aware of the existence of such risks, so what are you doing to protect your business and the personal information of your customers?
Dangers of a data breach
As of 2018, the average cost to a business after a major data breach was upwards of $8 million. Then there is the damage to your reputation. If customers are buying from your web site and entering their credit card numbers, Social Security numbers, addresses and other personal information – and they catch wind that you were not protecting it – they probably will go elsewhere.
Even if you can afford to pay the initial costs associated with the breach, legal ramifications could extend for years to come.
Secure web design
Start by designing your web site so it uses an SSL (now TLS) connection, which will turn the HTTP at the front of your web address to an HTTPS (the “s” stands for “secure”). This way, when a web form is completed on your site, the customer’s information is encrypted before it leaves their browser and can’t be read while it’s going from their computer to your web site. These days, customers are attuned to that “s” toward the beginning of your web address and they may not even consider using your services unless you have it.
It’s also important that you design your site in a way that tells customers about the risks and directs them to make a choice regarding whether to continue with your business. If your web site uses cookies, for instance, you need to have an advisory note on the first page announcing that and asking the customer to acknowledge it. Internet cookies are data files saved on the customer’s computer or phone so that web sites can later tailor information to their needs and likes. Unfortunately, hackers may steal those cookies and the personal data within.
Common threats
A dependable trick hackers continue to use frequently is the phishing email. This is a message that appears to be from an authentic source, like a financial institution or government entity, and is meant to scare someone into opening the email and clicking on the included link or attachment. When users do either of those things, they’re opening the door to the hacker, who can gain access from there to the user’s e-commerce web site.
Of course, one of the easiest ways to gain access to an online company is to take advantage of weak passwords. In fact, hackers often employ a brute-force attack where they bombard the web site with potential passwords until they guess correctly and enter. That’s why it’s so important to require that customers create strong passwords when making a new account. Passwords should have a combination of letters, numbers, and special characters, and they should be updated regularly.
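As an added illustration (not part of the original article), the sketch below shows how a site could spot the brute-force pattern described above in its login records and check a new password against the letters, numbers and special characters rule. The log format, function names and thresholds are assumptions made for this example.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta
import string

# Constructed sample log lines (the format is an assumption for this example).
SAMPLE_LOG = """\
2024-03-01T10:00:01 FAIL user=alice ip=203.0.113.7
2024-03-01T10:00:02 FAIL user=alice ip=203.0.113.7
2024-03-01T10:00:03 FAIL user=alice ip=203.0.113.7
2024-03-01T10:00:04 OK user=bob ip=198.51.100.4
2024-03-01T10:00:05 FAIL user=alice ip=203.0.113.7
2024-03-01T10:00:06 FAIL user=alice ip=203.0.113.7
2024-03-01T10:09:00 FAIL user=bob ip=198.51.100.4
2024-03-01T10:20:00 FAIL user=bob ip=198.51.100.4
"""

def parse(line):
    """Split one log line into (timestamp, outcome, user, ip)."""
    ts, outcome, user, ip = line.split()
    return (datetime.fromisoformat(ts), outcome,
            user.split("=", 1)[1], ip.split("=", 1)[1])

def accounts_to_lock(log_text, max_failures=5, window=timedelta(minutes=5)):
    """Return accounts with max_failures failed logins inside one window."""
    recent = defaultdict(deque)   # user -> timestamps of recent failures
    flagged = set()
    for line in log_text.strip().splitlines():
        ts, outcome, user, _ip = parse(line)
        if outcome != "FAIL":
            continue
        q = recent[user]
        q.append(ts)
        # Drop failures that fell out of the sliding window.
        while ts - q[0] > window:
            q.popleft()
        if len(q) >= max_failures:
            flagged.add(user)
    return sorted(flagged)

def missing_character_classes(password):
    """List which of the article's three character classes are absent."""
    checks = {
        "letter": any(c.isalpha() for c in password),
        "number": any(c.isdigit() for c in password),
        "special": any(c in string.punctuation for c in password),
    }
    return [name for name, present in checks.items() if not present]
```

An account returned by accounts_to_lock can be temporarily locked or challenged, and a non-empty result from missing_character_classes can be shown to the customer at sign-up.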
Preventive measures
Once your web site is up and running, bring in an expert to complete a vulnerability analysis. Essentially, this process involves checking your site for problem areas and weak access points and determining if it is adequately protected.
You also need to have backup systems in place so you can recoup important data if it’s lost or stolen. All data should be backed up and encrypted so it can’t be used if stolen. In addition to backup servers, all devices should have antivirus software installed. Also, systems should be scanned weekly to catch any new threats.
All programs – from your firewall to your hosting software – should be updated regularly so you can always be protected against the newest dangers.
What to do after a data breach
If your web site does become compromised, you’ll need to act swiftly to mitigate the damage. Create that plan now, so you’re prepared if the unfortunate does occur.
The first step is to determine what was stolen. If it’s only company data, you need to find out what type it was. Then, close any necessary accounts and determine how the data was stolen so you can eliminate the vulnerability going forward.
If customer information is stolen, you must alert all who were impacted. If you try to hide the theft and the customers find out, your reputation will certainly never recover. Who you notify will depend on the type of business you run. If financial information was stolen, you must tell the customers so they can cancel cards or take other precautions. Also contact credit reporting agencies so that they know in advance if a fraudulent credit card is opened.
If your business collects Social Security numbers, notify the customers, the IRS and law enforcement to make them aware in case the thieves use the information for identity fraud. Immediately after the breach occurs, change all passwords and ensure that all files and networks have the correct permissions so only authorized personnel have access.
The worst day in an entrepreneur’s life is the day they get hacked. Do your best to avoid this situation ahead of time and you will create happy customers who are confident in your services.
Beau Peters is a freelance writer from the Pacific Northwest with a passion for purpose-driven business content.
