[BreachExchange] How to Keep Your Customers’ Data Secure

Audrey McNeil audrey at riskbasedsecurity.com
Tue May 2 18:44:16 EDT 2017


Cybersecurity and data protection are becoming areas of focus due to the
rise in high-profile data hacks. Besides the loss of stakeholder value, a
data breach can cause exposure to lawsuits, financial losses and
irreparable consequences like a severely tarnished reputation.

Consumers, on the other hand, are becoming increasingly concerned about the
security of their personal data. In fact, customers prefer to shop for
products and receive services from organizations that adhere to data
policies and protection standards. Therefore, the use and protection of
customer data should be a priority for any company that values its clients.

Here are some of the key strategies your company can implement to ensure
your customers’ data isn’t compromised.

Encrypt Customers’ Data

Encryption is the process of encoding sensitive information to make it
unreadable to anyone else except the intended party. Encryption plays a
vital role in protecting your customers’ data. This technique protects the
data from external hackers as well as insider access. You can consider
obtaining an SSL Certificate to establish an encrypted link between your
website and a client’s browser. You may also want to use strong FTP
passwords that do not contain your personal information like name, date of
birth, SSN or phone number. Also, ensure that any scripts, platforms, and
applications are up-to-date to avoid exploitation of outdated applications.

While protecting customer information involves a vast array of
technologies, services, and policies, encrypting data at rest and data in
transit will provide you with an additional security layer in protecting
customer information from data breaches.

Don’t Store Sensitive Data

A customer database is a must-have for every
business. However, when acquiring information, businesses should only
collect the personal information they need like names and addresses. Do not
simply collect sensitive information because you think it may be useful at
a later date.

Personal information required at a particular time becomes a liability if
it is stored longer than necessary. Therefore, if you need the information
later, collect it at that time.

After collecting the necessary information, do not store the data unless
you have a good business reason to store it. The stored data should only be
used for lawful purposes e.g. storing Social Security numbers for tax

Customer records should frequently be revised to make sure a minimal amount
of data is stored. Also, ensure that the software used to read and process
customer data isn’t saving the information.

Train Your Employees

Training your staff about online safety is a crucial step towards the
safety of your customers’ data. Your employees need to understand the
importance of protecting customer information as well as their
responsibilities when it comes to network access usage. Help them
understand the risks associated with a data breach by teaching them how to
make sound judgments online.

Develop clear IT security policies and provide them to new staff members
during induction training, as well as in refresher training, to ensure
your entire workforce is aware of the policies in your company.

Your employees need to know that by clicking on links in emails from
unknown senders and downloading attachments they can unknowingly install
malware that can give hackers access to your customers’ data. Once they
have a person’s private information, hackers can even commit identity theft.
Knowing how to prevent this from happening is your employees’

Use a Wiping Program

Electronic storage devices retain every piece of information that ever
passes through them, regardless of whether you deleted it or it was just a
temporary file. If an employee’s device is lost or stolen, sensitive
customer data could fall into the wrong hands. This makes your company’s
computers and other mobile devices your worst enemies when it comes to
protecting your clients’ data privacy. Use remote wipe software to remove
files from a hard drive permanently. Once a hard drive has been erased, no
recovery program can extract previous data stored in the drive.
Additionally, these software programs have a free disk space wipe that
overwrites all the free space on the hard drive, which may contain
previously deleted files.

Final Thoughts

Due to the increase in data leakage scandals, customers have become warier
of companies they entrust with their personal information. Use the
discussed techniques to protect your customers’ information and minimize
the possibility of a data breach.