According to the Wall Street Journal, Europe has strict rules about how businesses collect data, store private information, and use it. The U.S. has no such laws on the books. This means that your customers are dependent upon you when it comes to protecting their personal information. If you want to protect your relationship with your customers, you must protect their data.
All an identity thief needs is a person’s name, address, and social security number to steal an identity. Once that personal information is in your hands, it is up to you to protect it in any way you can.
The first step is to make data protection more than an “IT problem,” says Information Week. Data protection must be a company-wide effort, beginning with how that data is used and shared within your organization.
Say you own an insurance company and have forms that include a client’s name, address, date of birth, next of kin, and social security number. It’s not simply IT’s a problem to store that data securely.
You need a policy for which departments it will go through to IT, who will handle it, and what kind of safeguards you will have in place. For example, you may want to consider doing a thorough background and credit check on any employee who will handle sensitive information.
Collect only the data you are legitimately going to use. If you own a dry cleaning business, you have no reason to have someone’s home address or social security number. If you can get by with a first name and telephone number, you will save yourself the worry of building firewalls large enough to keep identity thieves out.
Add Extra Protection
You may be able to rest more straightforward with a system in place that offers intuitive threat detection, advanced Internet surveillance, and a proactive alert system. Keeping a data security employee on staff can be expensive in terms of salary and benefits. Many businesses find that hiring the work out to a company that protects data 24/7 saves them money.
If you’re going to store customer data, make sure it is encrypted. Info Security Magazine reports that 60 percent of customer data lost or stolen was not encrypted. If your business collects personal information, it is in your best interest to hire an IT department capable of properly encrypting it so that it can’t be used, even if it does fall into the wrong hands.
Make sure to re-evaluate your encryption processes routinely. If you’re still using encryption standards from several years ago, they can likely be broken into today. Criminals work hard to stay one step ahead of their efforts to change things up.
Whole-disk encryption is superior to file-level encryption, mainly if employees use their PCs or mobile devices to work with customer data. If a phone or laptop is lost or stolen, you have less risk of losing that valuable data when whole-disk encryption has taken place.