Whenever a customer gives you private information to complete a transaction, application, or other request, you owe them privacy and protection. If data in your possession is leaked – whether purposefully or inadvertently – you could be held liable. This raises the question: what are you doing to protect customer data?
A Right and Responsibility
When your business fills out a loan application, or some other form that requires confidential information, what’s the first thought that comes to mind? Most business owners think something like, “I sure hope this doesn’t get into the wrong hands.”
Well, something similar is happening when customers transact with your business. When they pull out a credit card, write a check, provide their social security number, or give you their mailing address, they’re trusting that their confidential information will be safeguarded.
To say that you need to be better about protecting customer data and information is an understatement. You have a serious responsibility to protect it.
Forrester Research security and risk analyst Heidi Shey goes as far as to say she believes data protection needs to be viewed as part of every corporate social responsibility (CSR) strategy.
“This is really a topic that matters to customers today,” Shey assures businesses. “The public is way more opinionated about security, privacy, breach response, than they’ve ever been before, with all the news of breaches that they see — and especially when consumers start to experience one, two, maybe more breaches themselves, it becomes much more personal. I don’t think people expect that companies can stop every single determined hacker, or some kind of malicious insider, but they really do expect the companies they do business with to try to make it very, very hard.”
Do you have a couple of hollow facades in place to make it look like you care about data protection, or are you actually prioritizing customer privacy in tangible ways?
Most are doing the former, but it’s only a matter of time before reality catches up.
5 Ways to Protect Customer Information
The challenge of security in a world with advanced criminal cyber tactics is that you can’t just plug a few holes and hope for the best. You have to get serious about data integrity and implement an all-encompassing strategy that takes every possible risk into account. While we can’t possibly touch on every single issue in this article, let’s take a look at some of the top things you can do to build a strong foundation and set your business up for success moving forward.
1. Secure the Point of Sale
As you’re well aware, the United States just recently (within the last 18 months) added its name to the list of developed nations that are actively moving away from magnetic strip cards and embracing EMV chip card technology. This technology enhances security surrounding point of sale transactions.
“As a result of these changes, there has been a recent increase in fraud related to magnetic strip cards; hackers want to hurry and make use of stolen data before it’s obsolete,” High Risk Pay explains in this blog post on the topic of credit card fraud trends. “Experts believe this type of hacking will be most prevalent in the few years after countries change over from magnetic strip cards to chip-and-PIN varieties.”
Whether you accept card-present or card-not-present transactions, you have to put your best foot forward in terms of securing the point of sale. This is a hacker’s preferred point of entry, and it makes their job a lot easier if they can tamper with your system on the front end.
2. Use a Dedicated Server
One of the single biggest mistakes small businesses make is using a shared server to host their files. It makes sense why shared servers are chosen – they’re cheap and convenient – but when you look at the potential consequences, it becomes clear that the upfront savings aren’t worth the long-term risks.
Even if you need to cut costs in other areas to make it happen, it’s critically important that you switch your business over to a dedicated server. When you use a dedicated server, you no longer have to run your websites, programs, and scripts on the same machine as other companies and individuals. This means you instantly increase your security and no longer face the risk of being hacked through another tenant’s account or code on the server you share.
3. Encrypt Data
The dangerous thing about harping on the same topic over and over again is that people start to take it less seriously. They become desensitized to the relevancy of the issue at hand. That being said, don’t plug your ears just because we’re going to discuss data encryption for a moment. You’ve probably heard it all before, but that doesn’t make it any less true.
Few things are as important as data encryption in today’s cyber security field. While it’s best to prevent hackers from gaining access to your systems in the first place, encryption essentially renders your data useless to anyone who obtains it, provided the encryption keys are stored separately and are not taken along with it. Be sure to set up a regular schedule to review and update your data encryption so that you’re always using the most advanced technology.
4. Crack Down on BYOD Policies
There’s a lot of controversy surrounding BYOD policies. Some companies are all for them, citing benefits like lower IT costs and higher employee satisfaction. Other companies are adamantly against them because of the increased risk. But regardless of which stance your business takes, a day is coming when BYOD will be the norm and just about every organization (outside of top-secret government agencies and a few other outliers) will have its own BYOD policy in place.
The biggest problem with the average BYOD policy is that it increases the number of potential entry points a hacker has into a business. According to one study, roughly 22 percent of companies have employees who keep company data on their personal smartphones. That’s a big deal and your company must crack down on what information can be stored on personal devices if you want BYOD to be an asset.
5. Shred Sensitive Paper Documents
It’s not all about setting up a virtual fence around your company. Criminals and hackers still use traditional methods of accessing confidential customer data, which is why you have to get serious about how you handle paper documents and files – especially at disposal.
According to the Fair and Accurate Credit Transactions Act (FACTA) Disposal Rule, companies that possess customer information for business purposes have a responsibility to properly dispose of the information.
Put simply, you can’t just toss files into the trashcan and roll it out to the curb for weekly garbage pickup. You have to shred, burn, or otherwise destroy all sensitive information.
What Are You Doing to Protect Customers?
How would you grade your current data protection and information security efforts? If you’re like the average small business, you talk a good talk but walk a pretty poor walk. You want customers to think you prioritize their privacy, but when it comes down to it, you aren’t taking concrete steps towards actually safeguarding confidential information.
Protecting customer data and information is by no means an easy responsibility – especially if you do it the right way – but it’s necessary in our current cyber landscape.
That leaves you with two questions as you move forward: What are you doing to protect your customers’ information? And is it enough?