According to the Wall Street Journal, Europe has strict rules about how businesses can collect data, how they store that private information and how they can use it. The U.S. has no such laws on the books. This means that your customers are totally dependent upon you when it comes to protecting their personal information. If you want to protect your relationship with your customers, you must protect their data.
All an identity thief needs is a person’s name, address and social security number in order to steal an identity. Once that personal information is in your hands, it is up to you to protect it in any way you can.
The first step is to make data protection more than an “IT problem,” says Information Week. Data protection must be a company-wide effort, beginning with how that data is used and shared within your organization. Say you own an insurance company and have forms that include a client’s name, address, date of birth, next of kin and social security number. It’s not simply IT’s problem to store that data securely. You need a policy for which departments it will go through on its way to IT, who will handle it, and what kind of safeguards you will have in place. For example, you may want to consider doing a thorough background and credit check on any employee who is going to handle sensitive information.
Collect only the data you are legitimately going to use. If you own a dry cleaning business, there is no reason for you to have someone’s home address or social security number. If you can get by with a first name and telephone number, you will save yourself the worry of having to build firewalls large enough to keep identity thieves out.
Add Extra Protection
You may be able to rest easier with a system in place that offers intuitive threat detection, advanced Internet surveillance and a proactive alert system. Keeping a data security employee on staff can be expensive in terms of salary and benefits, and many businesses find that hiring the work out to a company that protects data 24/7 saves them money.
If you’re going to store customer data, make sure it is encrypted. Info Security Magazine reports that 60 percent of customer data that had been lost or stolen was not encrypted. If your business collects personal information, it is in your best interest to hire an IT department capable of properly encrypting it so that it can’t be used, even if it does fall into the wrong hands. Make sure to routinely re-evaluate your encryption processes. If you’re still using encryption standards from several years ago, it is likely that they can be broken today. Criminals work hard to stay one step ahead of your efforts to change things up.
Whole-disk encryption is superior to file-level encryption, particularly if you have employees who use their PCs or mobile devices to work with customer data. If a phone or laptop is lost or stolen, you have less risk of losing that valuable data when whole-disk encryption is in place.