Subscribe to the InfoTech eNewsletter

infoTECH Feature

January 06, 2017

Ten Essential Ways to Protect and Secure Customers' Data

By Special Guest
Joy Mali, Certified Digital Analyst

Protecting your customers’ data is a vital part of your network security. If any of this data is stolen, it doesn’t just affect those customers, it affects your entire company’s reputation. You may quickly become known as a business that has poor cybersecurity. You can lose the trust of your customers, and other potential customers may decide to go with one of your competitors instead of working with you. There are even some businesses that have had to close their doors after they were hacked because too many of their customers no longer trusted them with their sensitive information.

You don’t want this to ever happen to you. In order to avoid this type of public embarrassment and potential loss of customers, follow these ten essential ways to protect your customers’ sensitive, personal data.

1. Make Data Security Everyone’s Responsibility

Protecting your customers’ data shouldn’t fall to your IT department or solely on any one person. The IT department is often only aware of how information is stored on the network. That’s all they protect. They aren’t able to protect information when it’s being used, especially if that information is on a hard copy. This means the entire company needs to know how to protect sensitive data. This can include things such as locking a computer when an employee steps away from it and making sure that files with information are not left out where anyone can read them.

Employees also need to know to be aware and responsible for information. This includes more than just files or reports. They have to be careful with flash drives and emails that contain customer data, laptops they take out of the office, and anything else that may contain sensitive information.

2. Keep Up-to-Date on Security Encryption

As hackers break data encryption, newer and stronger encryption methods are created and employed by experts to protect their data. Make sure you stay on top of these new encryption methods and implement them in your business to keep all of your data secured and protected. If you continue to use older encryptions, it’s possible hackers will have broken those security measures months or years ago. That means using those encryptions provides you with no protection whatsoever. It would be like having a lock on your house but leaving the key hanging off the doorknob.

3. Only Give Access to Those Who Need it

Does every employee in your company need to access your customers’ sensitive information? Probably not. That’s why it’s vital to limit who has access to that information. Only those who really need to have access to it should have it. Otherwise, you’re creating additional security risks that could result in the loss of your customers’ trust and loyalty. When someone shows that they cannot be trusted with this access, revoke it. This may mean that person has to move into a different position within the company or has to be let go, but it’s better to do that than to play fast and loose with a customer’s credit card number.

4. Have a Bring-Your-Own-Device (BYOD) Policy

Many employees are bringing their own devices such as smartphones, laptops, and tablets to the office on a daily basis. They connect these devices to your network, which could be the entry point viruses and malware are looking for. You can’t control what kind of security these devices have, but you can control their access to your network and what data they have access to.

You can also install an intrusion detection system like Snort. Snort will monitor your network for intruders and other suspicious activity. If someone attempts to break into your system, Snort will detect it, isolate it, and notify you about the hack. It also watches your established employee accounts for suspicious behavior. If one tries to access your sensitive, secured information without the proper credentials, you’ll also be alerted that you may have a compromised account.

5. Install Malware Protection

While you can block websites you know contain harmful viruses, it’s not always easy to tell when a verified site has been hacked. Sometimes, hackers break into a website and, instead of doing any damage to it, leave malware behind. This malware can then infiltrate any computer that visits the site. By installing malware monitoring software, you’ll receive an alert when this occurs and the malware will be blocked.

6. Destroy Old Documents

Once a paper document containing sensitive customer information, it should be shredded and properly disposed of. Keeping this information after it’s no longer needed is creating another security risk because that paper could get lost, shuffled in with other papers, or stolen. In addition to shredding these papers, they may also be burned or in some other way destroyed so that the information on them cannot be read.

7. Have Layers of Security

Hackers may have found a way to get through one layer of Web security, but they may not always know how to breach your second or third layer. Having additional layer types of network security is necessary these days to discourage hackers and protect your information. Many cyberterrorists simply want to quickly destroy websites or steal information, and if they find that your site is a challenge, they may move on. If your security signals that it has been attacked but not breached, you know that these multiple security layers did their job.

8. Teach Employees How to Protect Your Network

Employees need to know how to protect your network, and you need to have clear policies on how employees are to handle customer information. They should know that such sensitive information is never to be emailed or sent via text to a customer. They need to understand what laws protect this data and what they must do to make certain they follow those laws.

9. Store Nothing that Isn’t Needed

Do you need to keep a customer’s credit card information on file for months? If not, it needs to be purged from your system. You should only keep information on hand that you know you will need again. Having other information simply means you have more to tempt hackers. It also takes up space on your network and makes you a bigger target.

10. Make Sure Everyone Uses Strong Passwords

Everyone, including your employees, senior management, and your customers, needs to use a strong password to access your system. Sometimes, the point of entry is through a customer account, so require them to use passwords that are just as strong as yours in order to provide your system with as much security as possible.

Edited by Alicia Young

Subscribe to InfoTECH Spotlight eNews

InfoTECH Spotlight eNews delivers the latest news impacting technology in the IT industry each week. Sign up to receive FREE breaking news today!
FREE eNewsletter

infoTECH Whitepapers