When customers entrust you with their personal information, such as credit card numbers, delivery addresses, names, and IP addresses, it is because they trust you to handle and protect their data. If you fail to ensure this safety, you will surely lose your clients' trust and your business's credibility in handling data privacy.
Why is data protection so important?
Data abuse is always a hot topic, and cybercrime is big business.
It’s not just big players that are at risk; small businesses are also under threat of cybercrime. Information as little as an email address could be very appealing to hackers.
It is your responsibility to protect any data. Bear in mind when handling data from citizens in the EU, you need to be compliant with regulations, like the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), which require you to protect consumer data.
Failing to do so can result in massive fines, and therefore, the best way to protect your customer's entrusted data is by building a best practice from the start.
1- Take stock: know what personal information you store, on your computers, and in your files. Keep an inventory list of all your computers, laptops, mobile devices, home computers, digital copiers, and everything that might store sensitive data.
Track all personal information shared between employees within the sales department, marketing department, HR…
Limit access to your data. Not all employees should have permission to access information; likewise, not all employees need unlimited access. Make sure you put proper limitations to data access to employees and suppliers.
2- Scale down: keep only the data essential to your business. Don't just collect data to collect data. Ask yourself whether the data you have is legitimate for your business. Have you used all the information available to you? If that's not the case, get rid of all the data you don't need, and even better, don't collect the information you don't need. Scale down the access to your data. For example, give employees access only to the specific resources they need for their particular jobs.
3- Lock it: protect the information that you keep. Once you have the data you need, secure it. The most compelling data security plans address either physical security or electronic security. As the name indicates, physical security is all about storing paper documents or files in locked file cabinets, locking office doors at the end of the day, logging off computers, and securing devices, firewalls, wireless and remote access.
Electronic security:
Identify all computers where sensitive data is stored.
Encrypt sensitive information.
Pay attention to the security of your web applications.
Use secure connections.
4- Pitch it: Get rid of what you no longer need.
How you dispose of sensitive information is crucial. Do not leave credit card receipts, CDs, and papers with personal data that identity thieves can read and reconstruct. When disposing of old computers or storage devices, wipe all programs, and delete information from hard drives.
5- Plan ahead: security breaches are fundamental and can happen anytime. The best way to prevent such security breaches is to have a plan that responds to security incidents.
Create a response plan and designate a senior member of your staff to coordinate and implement the plan. Implementing security measures, no matter how big or small your business is, will cost you next to nothing compared to the loss of trust and goodwill of your customers in the case of a security breach.
Andreas Springer _Actonic_
Head of Marketing
Actonic GmbH
Germany