Tips for protecting customer data

Clearly, antivirus, firewall and other security technologies aren’t enough. Companies need to think carefully about how and where they are storing customer data, who has access to it, and how to prevent prying eyes from stealing the data, sharing it with other cybercriminals, and manipulating customers with e-mail phishing attacks.

1. Limit access to customer PII
Companies today have an open culture when it comes to data. But that policy shouldn’t be consistent across all data types, particularly personally identifiable information, or PII. In our company, we recently reviewed who has access to our customer database and noticed that not all of the authorized users needed access to certain types of data. As a result, we have pared down access to just a few employees.

2. Bulletproof your security software and your network
Protect customer data as you would financial data. Organizations can refer to publicly available guidelines, such as those published by the PCI Security Standards Council. You should encrypt all of your customer information at the database level to prevent unauthorized users from hacking into your accounts. You may want to consider tokenization, which is a higher level of security. Often used for e-commerce transactions, including credit card data, tokenization replaces sensitive data with unique identification symbols so that PII stays out of the data stream.
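A minimal sketch of the tokenization described above, added here as an example and not taken from the original post or from any vendor's product. The `TokenVault` class, the field names and the role names are hypothetical, and the in-memory dictionaries stand in for what would be a separate, hardened vault service.

```python
import hashlib
import hmac
import secrets


class TokenVault:
    """In-memory token vault (illustrative; a real vault is a separate, hardened service)."""

    def __init__(self, index_key: bytes, allowed_roles: set[str]):
        self._index_key = index_key            # keys the lookup index so it holds no plaintext
        self._allowed_roles = allowed_roles    # roles permitted to recover original values
        self._by_token: dict[str, str] = {}    # token -> original value (encrypt at rest in practice)
        self._by_digest: dict[str, str] = {}   # HMAC(value) -> token, so repeats reuse one token

    def tokenize(self, value: str) -> str:
        digest = hmac.new(self._index_key, value.encode(), hashlib.sha256).hexdigest()
        token = self._by_digest.get(digest)
        if token is None:
            # Random token: it carries no information about the value it stands for.
            token = "tok_" + secrets.token_hex(16)
            self._by_digest[digest] = token
            self._by_token[token] = value
        return token

    def detokenize(self, token: str, role: str) -> str:
        # Only explicitly allowed roles may turn a token back into PII.
        if role not in self._allowed_roles:
            raise PermissionError(f"role {role!r} may not detokenize")
        return self._by_token[token]


PII_FIELDS = ("email", "card_number")  # assumed field names for this example


def tokenize_record(vault: TokenVault, record: dict) -> dict:
    """Return a copy of the record that is safe to pass to downstream systems."""
    return {k: vault.tokenize(v) if k in PII_FIELDS else v for k, v in record.items()}


# Constructed sample record (not real customer data).
SAMPLE = {"customer_id": "c-1001", "email": "alice@example.com",
          "card_number": "4111111111111111", "plan": "pro"}

if __name__ == "__main__":
    vault = TokenVault(secrets.token_bytes(32), allowed_roles={"billing"})
    safe = tokenize_record(vault, SAMPLE)
    print(safe)                                            # PII fields replaced by tokens
    print(vault.detokenize(safe["email"], role="billing"))
```

Downstream systems such as analytics or campaign tools receive only the output of `tokenize_record`, so a compromise there exposes tokens rather than customer PII.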

Another option is to deploy anti-phishing software, which can secure the e-mail channel by blocking malicious e-mail messages purporting to be from you. The software does this by checking for proper e-mail authentication and issuing alerts when fraudulent activity is detected. These are just a few examples of the kind of security protections you need for customer data. A third-party security audit of your systems and processes can evaluate your infrastructure, provide recommendations and issue annual certifications.

3. Require that partners and vendors with access to customer data also have the best available protection
Agencies, software firms and e-mail service providers should have the same (if not better) controls as your company. For instance, if you use a marketing automation solution for campaign generation and tracking, your provider should require IP address blocking so that only users from within your firewall can access customer data and e-mail addresses. External IP addresses will be locked out even if someone obtains passwords and attempts to log in to a customer database from them.

If any of your partners stores customer data for you, understand exactly how they are securing their information systems and handling access control.

4. Get the help of a lawyer
If a breach occurs, your company could be on the line for thousands or millions of dollars in lawsuits and other fees to your customers. What type of protections can you build into your services to prevent financial disaster and what guarantees do you need to provide to customers if their data is compromised, lost, or stolen? This also applies to your marketing vendors. What are their obligations if a breach occurs in their systems? This could include legal fees and other financial penalties. Have your lawyer draft the appropriate language for your Web site, customer documentation and vendor contracts.

5. Educate your employees
Developing policies and providing regular training for employees handling customer data is imperative. Consider adding internal security measures to protect against the possibility of social hacking incidents. These are situations in which, for example, an employee who has access to your data has the account password stolen.
