The financial penalties for not adhering to the provisions of the Data Protection Act can be severe, however, damage to the reputation of a brand – and customer loyalty can be as severe. Here are some simple steps that your business can take to protect customer data.
-
Monitor where customer data is stored
Your business needs to have a clear and consistent policy on the manner in which customer data is stored. As a general rule customer data should be stored in one central location – and should be regularly backed up. Your employees need to understand that it is not acceptable to store customer data on personal devices, including laptops and smartphones. If external drives are being used to store sensitive data then they must be housed in a cool, dry environment that has controlled access (or at the very least a room that can be locked). If the organization opts for a Cloud-Based storage option (e.g. Google Drive) every precaution must be taken to ensure that passwords are strong and secure. It is strongly recommended that all sensitive data, including customer data be encrypted.
-
Limit Access to Sensitive Data
Only authorized employees and third parties should be allowed access to sensitive data. The company also needs to ensure that regular, scheduled backups of the data take place – in order to ensure access to information if the original data is deleted either intentionally or in error. Secure logins and different access levels are essential, as is ensuring that passwords are strong (consisting of a mix of lowercase and capital letters, numbers, and symbols). Password should be changed monthly – and staff needs to be educated on the importance of safeguarding data from risks including hackers and malware.
-
Security Software is Essential
Security is only as good as the latest update so ensure that your security software remains up to date. Install anti-malware software and the latest versions of anti-spyware software and make use of XDR. Anti-virus software should be scheduled to perform at least a daily scan for the presence of viruses on the system. Left undetected and treated, these viruses can erase data – or make copies and distribute them to criminals. Staff should only open emails that are from trusted sources – and suspicious websites are to be avoided. In some instances, it may be a good idea to limit Internet access by staff when they are using company assets (such as laptops).
Firewalls are absolutely essential when it comes to limiting the access of hackers. Your newer Mac or windows machine will come with firewalls as standard – but make sure that these have been switched to active mode. A growing business should consider investing in hardware-based firewall services. This equipment is installed on business routers and prevents hackers from accessing company networks and the individual computers on the network.
-
The Importance of Regular Customer data Backups
Storing files or data in one single reputation can be a recipe for disaster. An unexpected occurrence (like a fire) can mean that the data is lost forever. Making regular backups is of the utmost importance. The best approach is to combine a mix of strategies to ensure that data is safe and always available. Incremental backups that only record changes to the original data are a popular method of backing up customer data. Using external drives such as CD, DVD or solid-state drives can be handy – but these drives can degrade over time, be stolen, or lost. Backups should be stored off-site to ensure they are safe from man-made or natural disasters. Cloud-based storage services such as those offered by Dropbox are also attractive options, however, if you choose to use third-party storage solutions, make sure that the data is encrypted.
-
Place a Limit on Data Transfers
Customer data is at its most vulnerable when it is being shared or moved. Physical storage (for example a memory stick) can be used to move data from device to device, but memory sticks can be lost or damaged. Email and streaming over a secure connection is far safer, but be aware that eMailing customer data, even if that data is password protected is not considered 100% safe. Emails are mostly unencrypted and are not that much of a challenge for hackers. Always encrypt data before you hit that ‘transfer’ button – and make sure that email protocols like SSL and IPSec are active.
You may be interested in: How to Secure Your Brand from Hacking and Fraud