These days every business collects some sort of customer data. Whether it’s email addresses for your newsletter; browsing data via cookies on your website for remarketing; birthdays and anniversaries for reward programs; or credit card details and addresses for shipping products – you’re probably collecting quite a lot of data from your clients. But what do you do to keep that customer data secure?
You might think that you’re too small to have to worry about hackers or data security because, obviously, hackers are going to go after larger businesses with a better payoff. Well, you’re wrong on two counts: firstly, because hackers are only one of the possible sources of data breaches, and secondly, in thinking that a hacker will only target larger businesses. What that means is that regardless of the size of your business, you need to have some sort of data collection, retention and storage policy.
Why Should I Be Worried About Data Security?
There are two main reasons to be concerned about the security of data about customers who do business with you:
- Bad PR
People are very concerned about the security of their data and their online privacy. If your business has a breach or is even perceived as not being secure, people will choose to go elsewhere. Not to mention what will happen if you have a breach that causes customer data to be stolen. For most of us, it could easily cost us our business.
- Legal Issues
Legislation exists surrounding the use of data and the security of data and there can be fairly substantial penalties for non-compliance. The legislative requirements vary depending on where you are. In Australia you can find information at:
- Electronic Frontiers Australia
- Office of the Australian Information Commission
- Australian Communications and Media Authority
Also, don’t forget to check your State Government website for laws specific to your state.
What You Can Do To Help Keep Customer Data Secure
There’s a lot you can do to improve the security of your customer data. If you store and retain credit card data, consult an IT security professional to make sure your systems are secure. However, if you just keep some non-identifying data, there are still things you can do to make sure you keep it safe.
Make regular backups and store them offsite.
That way, if data is lost due to theft, fire, flood or similar, you’ll still have a copy of everything. Cloud storage is ideal for this, but make sure your storage provider is secure and that you won’t be breaking any laws regarding offshore storage of data. Ideally, have multiple copies in different locations and formats.
Have a policy about taking data offsite.
You really don’t want somebody finding a thumb drive or printout of customer data at a train station or cafe. So make sure that data on thumb drives is encrypted, don’t take printouts out of the office unless necessary and make sure that you have a policy covering both transporting data and what to do if something is lost.
Use secure passwords.
Don’t use the same password for multiple systems, and use passwords with a variety of cases, symbols and numbers wherever possible. Don’t write passwords on devices (you’d be amazed how many businesses I see with the laptop password on a label on the laptop). I know it can be difficult, so why not try a password manager?
Take measures to protect computers and networks from hackers and viruses.
Make sure your antivirus definitions update automatically on a daily basis, and have a firewall that’s configured as securely as possible while still providing the access you need.
Watch your device access.
If you want to be able to access data across multiple devices, make sure they’re all secure. There’s no point having secure access in your office when losing your phone or tablet would allow access to anyone anywhere.
Don’t collect data that you don’t need.
I know it can be tempting to collect and keep all the data you can on your clients. It can be tremendously useful later when you’re creating ideal client profiles, marketing etc.
Apply manufacturers’ updates regularly.
Most software manufacturers produce regular updates that fix issues and plug any security holes in their systems. Set your systems to update automatically or create a regular process for updating. Updates and patches can’t help unless they’re installed.
Have secure disposal processes.
This means making sure you wipe devices and computers before disposing of them, as well as having procedures for discarding paper information. Simply throwing paper in the recycling bin is rarely enough. A cross-cut shredder is a cheap investment; alternatively, contact one of the companies that offer secure document destruction.
Keeping customer data secure is important for any business. You might think that you’re not at risk, or that the information you keep is not that important; however, all it takes is one breach and you can lose the trust of your clients. If you’d like some more information, check out this article from the Australian Department of Industry, Innovation and Science and its links.