As photographers, we all should understand the importance of taking care of our equipment. Cleaning, storage, battery charging/replacing … slacking off in any one of those areas could ruin a shoot and cost you a customer.
Thing is, there is something else we use on a regular basis—so much so that we tend to take it for granted: your hard drive. Not the actual drive itself (we all know enough to make regular backups, right?): the data on it.
We keep important client information on our computers: names, addresses, phone numbers, and sometimes more. Can you imagine those clients’ faces if we had to say “Sorry, my computer was hacked, and your info is now on the Dark Net.”?
And what about photos? While cloud-storage is the latest thing, some of us probably have current pics on our drives for easier access … and I would venture to say nearly all of us have older photos stored on drives because we saw no need to upload them. What if criminals got hold of those? Especially for those who may work in boudoir photography? It’s a lawsuit waiting to happen.
According to Lloyd’s of London, the estimated cost of cyberattacks is $400 billion annually … and that number is predicted to jump to nearly $2 TRILLION by the end of this year. One financial tech expert called the impending disaster an “ecommerce Armageddon.”
And we can’t assume that we won’t be targets just because we’re not global conglomerates: According to the Verizon Data Breach Investigation Report, 61% of breaches hit smaller businesses in 2017, up from the previous year’s 53%.
Hackers know your hard drive isn’t that mother lode, but they also count on the fact that you’re not doing much if anything to protect the data. We often think of cybercriminals as organized, Oceans 11-type outfits who concentrate on large companies—and some of them are. But there are also a lot of “pickpockets” out there, making multiple small scores—flying below the radar, as it were.
If knowing all this doesn’t cause you a little anxiety, you might want to re-read it. The question, of course, is whether there is anything you can do about it.
Of course there is.
In reality, there are multiple steps you can take, most of them fairly simple. First and foremost, you need to protect your business and its computer systems using things like firewalls, virus protection, server monitoring, and data encryption. You should also perform regular security risk assessments to identify “weak links” where your data could be vulnerable.
Any cybersecurity software you install should run through the cloud (as opposed to a local server) and needs to go on all of your computers and all your mobile devices (you have client info on your phone, right?).
Automated computer backups are a good thing, too. Again, whenever you do this, you should move data to the cloud—although it never hurts to have a back-up of the back-up on a portable drive you keep in a safety deposit box or somewhere else off the premises. And as for those old pictures you have still on hard drives? That’s a no-brainer: disconnect those drives from the internet, and you’re done.
Or maybe just get rid of them. I know it’s tempting to hold on to everything “just in case,” but the fact is, the less identifiable client info you have, the less your risk of a catastrophe. One thing you never want to save is credit card data. It can be convenient, your clients trust you, I get it. But again: thieves can’t steal it if you don’t have it … not to mention there are legalities involved with you storing that information.
Other proactive steps you can take:
- Invest in cyber liability insurance
- Train staff to spot the warning signs of “phishy” emails
- Enable two-factor authentication
Some 60% of smaller businesses to go out of business after of a cyberattack. Don’t become a statistic: take steps now to insure your data’s security.
In a future post, I’ll talk about what needs to happen if you DO fall victim to a data breach.