Protecting your customer’s data has become a huge focus in recent years. With major breaches of customer data happening to big names like Deloitte, Facebook and Under Armour, and with our local Notifiable Data Breaches scheme launching and Europe’s introduction of GDPR, protecting your customer’s data is more important than ever.
It’s easy to understand the importance of doing so, but how to do it? After all, if major companies such as Facebook are failing to protect their customer data, how are you expected to maintain your data’s integrity? By following a set of simple rules, you’ll be able to keep your security standards high and minimize the chances of a breach, and the loss of customer data – as well as the negative PR that goes with it.
1) Digital walls keep out just as many intruders as physical ones do
The first step any business should take in protecting their customer data is having the IT department set up firewalls, anti-virus software, and similar layers of protection on servers and other data storage devices.
Sometimes, all it takes is one staff member clicking the wrong link for malware to find its way into your company’s systems. There’s no such thing as too much protection, so ensure your business is using firewalls, anti-virus software, and similar security systems on server hardware, to prevent such human errors from causing data intrusions.
Additionally, you should ensure your IT department limits the capabilities of company property. Restrict access to websites not related to work on computers and prevent staff from installing unknown apps and software on their smartphones.
It’s much better to prevent a problem from happening in the first place, than to try and fix it once things start to go wrong.
2) Lock your hardware down
Breaches don’t just come from outside the company; sometimes it only takes one smart intruder to get away with a system from your establishment and cause havoc. Prevent this type of security breach by locking your hardware down with physical barriers (locked doors and windows) and, if available, using Kensington locks to prevent removal of devices.
Finally, teach staff the importance of not leaving their devices unattended, particularly if they’re using mobile devices such as laptops and tablets to work on the go.
3) Sometimes one wall isn’t enough, so add another around your data centre
Very few of your staff should need direct access to your server room, so prevent a direct intrusion by limiting the amount of access staff and other on-site visitors have to your server hardware. This might mean locking the room the servers are housed in or moving your servers to a more secure location.
While it’s unlikely intrusions will come from on-site, it’s not impossible for this type of breach to happen. One unlocked door is all it often takes for your customer’s data to be compromised, and for you to be in a difficult situation.
4) Updates and upgrades
To date, you may have done everything necessary to protect your customer’s data, but if your security software is dated, it’s likely not protecting your customer’s data as well as you might think.
Imagine if you installed a door to your office; 20 years later, it’s starting to wobble in the frame, and it takes a few turns of the key to ensure it’s locked properly. Your confidence in the protection of that door would surely be less than when it was first installed. So don’t assume security for your business is a one-and-done type of affair, either.
Take the time to ensure your software (not just security software, but the programs your staff use day-to-day too) is up-to-date, and be sure to do the same with your hardware.
When Microsoft releases its security updates on the second Tuesday of each month, it is effectively telling the world which security holes it has identified and fixed. If you’re not staying up-to-date, then you’re asking for trouble.
5) Choose a reliable cloud provider
Not got your customer’s data on-site? Then it’s vital your business chooses a cloud provider that puts the security of your customer and company data as one of its top priorities. Look at the selling points each cloud vendor provides, and if available, look at the companies’ values around protection, and efforts to inform their customers about security.
Microsoft’s ‘Trust Center’ is a great example of attention being placed on security of your company data.
Your chosen cloud provider should be making every effort to protect your customer data and should also be following the previously mentioned points; including updating their security, their hardware, and giving you the option to restrict access to files hosted with the provider.
Follow these five steps, and your company should be protecting its customer data in the smartest and most effective way possible. If the worst should happen, and your customer’s data is compromised, make every effort to inform your customers as soon as possible.
This will allow your customers to change passwords, update sensitive information, and so on. You can’t always protect customer data, but you can certainly take steps to mitigate the worst effects of such a breach.
Content guest written by Bryan Chua from our proud partners at Byte.
Byte is the provider of OneSpace, an IT solution tailored for accounting firms that want to minimise their business downtime, reduce IT maintenance and cost, and give employees the flexibility to access accounting software packages and data from anywhere at any time through a secure, uninterrupted cloud solution.