How to Protect Your Customer Data From Theft
The recent Target data breach gave U.S. businesses of all sizes reason to think seriously about how well they’re protecting customer information. Any mishandling or theft of client records could damage a company’s reputation — or put it out of business altogether.
How do you protect customer data in all of its forms, across platforms, and at different locations? Consider implementing these basic security measures to reduce your security risks.
1. Take inventory. To develop an effective security strategy, the Better Business Bureau recommends answering a few questions:
- How do you store customer data? On individual computer hard drives, on an in-house server, in the cloud, etc.
- How do you move data? What types of tools do your employees use to work with customer data? Can they access it from home? On mobile devices? Can they print documents and take them out of the office?
- Do you have a security policy? Have you set — and communicated — your guidelines to all employees? Do you monitor and enforce them? (See #7.)
- How much would improvements cost? There are numerous ways to better protect your data, some of which are expensive. How much of an investment can you manage?
2. Use strong passwords. If you and/or your employees are using weak passwords, such as the easy-to-guess “123456,” “password,” or even the company’s name, there is very little you can do to protect unwanted access to your digital data. Mandate a change right away. Microsoft offers some tips and guidelines for creating strong passwords in its Safety & Security Center.
3. Encrypt everything. Encryption makes data unreadable to unauthorized users. For PC users, PCWorld offers this how-to article. For Mac users, try software like FileVault 2. If your employees are using a mobile device for work, here’s what to do to secure those devices.
4. Restrict access. Nearly all systems come with a way of setting up multiple levels of user access. Give employees access to only what they need to do their job effectively. Reducing the number of people who can access data gives you more control over where it goes. Employees shouldn't leave the premises with printouts containing sensitive customer data, either.
5. Block intruders. You should have antivirus software installed on all company computers, and any employee who accesses company data from a mobile device should have antivirus software as well. You don’t have to spend a lot of money for protection: AVG, for example, offers a free app that has been reviewed as well as many paid options.
6. Delete unnecessary data. Do you ask for mailing addresses but send no mail? How about Social Security numbers for no particular reason? If you don’t need the data, don’t collect it. Further, if you have digital or paper files that you haven’t accessed in years, get rid of them. Shred hard copies and securely delete e-documents. (On a Mac, go to the Finder and select Secure Empty Trash. On a PC, try an app like File Shredder.)
7. Establish a security policy. Formal compliance standards can help you create a policy for data security. ISO 17799 is the general standard for anybody who deals with sensitive data. It details best practices for keeping data safe, including policy development, training, and ongoing evaluation. If you accept debit and credit cards, the PCI Security Standards Council assists merchants in building a security process that comprises reasonable prevention, detection, and reaction in the event of a breach; it offers self-assessment tools, training resources, and instructions on how to get certified. The Center for Internet Security also helps businesses to better protect their data from attacks.
Tim Parker is a business writer for Intuit and is passionate about solving small business problems.