A Guide to Best Practices for Protecting Customer Data

More customer data is being stored and exchanged by businesses than ever before, and data breaches are growing proportionately. This article provides some best practice guidelines for companies that handle personal information, and lists some of the best ways to protect customer data.

  • Limit access – Conduct a review and identify which employees have access to your customer information, and then restrict access to only those who need it.
  • Encrypt all customer information and use whole-disk encryption, rather than just file-level encryption.
  • Deploy anti-phishing software to prevent phishing emails from entering the network.
  • Introduce a two-step verification process for accessing customer data.
  • Review partner security – As well as tightening your own security, ensure any partner companies that you deal with have the same level of data protection as you do.
  • Have regular outside audits conducted to test and evaluate your security and to recommend improvements.
  • Educate your employees – Many data breaches are the result of employee ignorance or mistakes, so draft a clear data security policy and make sure all employees understand and adhere to it.
  • Delete any unnecessary customer data. If it’s not being used or is not likely to be used in the near future, then get rid of it.
  • Regularly update your security and virus protection software.
  • Scan all devices before allowing them access to the network.
  • Use a good firewall to keep malicious threats out of the network.
  • Adopt the view that data security is an overall organisational responsibility and not just an IT problem.
  • Only deal with cloud service providers who use stringent security measures.
  • Install remote wiping capabilities on all BYOD devices and require employees to immediately report the loss or theft of a device.
  • Develop HR policies that require background checks of new employees and revoke network access immediately when employees leave the organisation.
  • Make sure all obsolete computers have had their hard drives completely wiped before sending them to be recycled.
  • As well as digital security, make sure that your network hardware is also physically secured under lock and key and that access to it is limited.

As was shown by the recent customer data breach at Target in the US, the penalties for inadequate data security can be enormous. Not only is there the loss of trust with customers, resulting in loss of business, but the fines and lawsuits that often follow can add up to millions of dollars. So observing best practice security measures with regard to customer data is not just common sense, it can also be an investment in the very future of your business.