Are companies keeping customer data safe?
Losing your customers' data, through a hack or a mistake, can land a business with huge fines and lose them future customers. Here are seven steps to staying safe.
The recent TalkTalk and Yahoo data breaches have shown how crucial it is to have customer data adequately protected. Breaches are simply unacceptable, and on top of potential fines a company that fails this test is likely to find itself with fewer customers.
It is natural to worry about losing data through a cyber-attack, but protection is important against all forms of threats, from accidental leaks and insider threats to the theft of laptops or mobile phones.
Ultimately, as the Information Commissioner's Office (ICO) has warned, an organisation has a responsibility to protect customer data. Data security policy and procedures should be checked regularly to ensure continued protection in line with current best practice.
Here are seven security priorities for businesses.
1. Encrypt everything
There is no excuse to store anything in plain text, as any successful attack on your company will result in a full dump of your customers' data. Every bit of personal information you collect should be encrypted securely, so that in the event of data theft the information stolen is useless to the thieves. Encryption should apply no matter where the data is ultimately held – on a local server, a laptop or a mobile phone, or in the cloud.
2. Use secure printing
A lot of secure documents end up in a shared printer's output bin, potentially leaking confidential information to whoever picks it up first. With secure printing, such as that provided by Brother, a printer only prints when a user authenticates. This prevents printouts from sitting unattended and ensures that data is only seen by those with the required permissions.
3. Protect mobile devices
The mobile revolution has been good for businesses, introducing more flexibility, but it has also opened up more dangers. In addition to encryption, all mobile devices, including smartphones and laptops, should be secured with passwords. You should have tracking software installed to find lost devices, and your IT staff should be able to remotely wipe everything securely to prevent data loss.
4. Be wary of insider threats
One of the biggest threats to customer data comes from your own employees. Whether they act maliciously or are compromised by malware, your employees may become the source of a damaging leak. To protect against this, staff should only be given the level of access to a system they need. You should also look to segment your internal network, preventing a breach in one part of your company from spreading to another. And train your staff so that they know how to spot malicious emails and suspicious downloads.
5. Use two-factor authentication
With two-factor authentication, users need to provide both their username and password, and a one-time key. This key is usually regenerated every 60 seconds and can be sent via SMS or created by a mobile app. With this kind of system, if a user's password is breached, hackers cannot access your systems as they cannot generate the required two-factor key. If you have customers that can access your systems, enable two-factor authentication for them as well.
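How an app-generated one-time key can be produced and checked is sketched below as an added example, not code from the original article. It uses the standard TOTP algorithm (RFC 6238) with the 60-second step mentioned above; the class and function names and the sample secret are constructed for illustration.

```python
import hashlib
import hmac
import struct

STEP_SECONDS = 60  # the article's "regenerated every 60 seconds" (assumed default)
DIGITS = 6


def totp(secret: bytes, unix_time: int, step: int = STEP_SECONDS,
         digits: int = DIGITS) -> str:
    """RFC 6238 TOTP with HMAC-SHA1: one code per time step."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation from RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


class SecondFactor:
    """Server-side check for one user; each time step is accepted at most once."""

    def __init__(self, secret: bytes):
        self.secret = secret
        self.last_used_step = -1

    def verify(self, submitted: str, unix_time: int, drift_steps: int = 1) -> bool:
        current = unix_time // STEP_SECONDS
        # Newest step first; stop at any step already used, so a captured
        # code cannot be replayed inside the clock-drift window.
        for step in range(current + drift_steps, current - drift_steps - 1, -1):
            if step <= self.last_used_step:
                break
            expected = totp(self.secret, step * STEP_SECONDS)
            # Constant-time comparison avoids leaking digits through timing.
            if hmac.compare_digest(expected.encode(), submitted.encode()):
                self.last_used_step = step
                return True
        return False


def login(password_ok: bool, factor: SecondFactor, code: str, unix_time: int) -> bool:
    """Both factors are required: a stolen password alone is not enough."""
    return password_ok and factor.verify(code, unix_time)


if __name__ == "__main__":
    secret = b"constructed-demo-secret"  # constructed sample, never a real key
    device = SecondFactor(secret)
    now = 1_700_000_000
    print(login(True, device, totp(secret, now), now))
```

The shared secret is itself customer data: store it encrypted and keep it out of logs.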
6. Implement a data protection policy
A proper data protection policy that all staff are required to learn is a must. This must set out how data should be handled, transported and accessed, both internally and externally. It should also cover exactly how staff should interact with the outside world and the steps required to authenticate a customer before any private details are revealed. Full compliance from everyone that works in your company is needed to ensure that your business meets its data protection requirements.
7. Tell your customers what you've done
Customers are, quite rightly – given the recent big breaches – rather worried about the safety of their data. The best thing that you can do is let them know how you protect their details to give them more confidence in your company. You should also take the time to explain your policy on divulging personal information and the things that you will not do: for example, not asking a customer to provide sensitive information via email.
Customer data is one of the most valuable things that your business has. Every company has a real duty to protect it against theft and leaks. Ultimately, the companies that can prove that they protect sensitive data the most are the ones that will thrive; the businesses open to attacks will pay heavy penalties and lose customers.