Businesses today collect a lot of data about their customers: name, phone number, email address, physical address, payment information, purchases, and so much more. Customers are entrusting you with this information – it’s your duty to protect it.
Yet every month there’s a story of another company caught in a customer data security breach or unintentionally breaking privacy laws. Criminals target businesses because they often have poor cybersecurity practices or because employees can be tricked into allowing hackers access to private information. They can sell this information or ransom it. Either way, it’s a stressful situation.
No matter what size of business you run, you are legally responsible for compliance with provincial and federal regulations. If you don’t comply, you could face fines, lawsuits and severe damage to your public reputation.
If you collect any type of customer information, you need to protect it. Here are 9 tips to protect your customer data:
1: Create a plan in case of a breach.
Prepare a response plan if there is a breach or cyberattack. The plan should include:
- Notifying appropriate authorities (privacy regulators, police).
- How to isolate the breach or protect further data from being stolen or lost.
- The communication plan for impacted employees and clients.
- Contacting your insurance company.
- Specific instructions on individual roles and responsibilities on how to respond.
- Considerations for providing additional support to impacted employees and customers.
While all data breaches and cyberattacks are a problem, swift, decisive action can often minimize the extent of the attack and help you respond well. This can make a big difference to your company’s reputation and mitigate any legal action.
2: Restrict who and what gets access to data.
Before you even start collecting customer information, determine who in your company needs access to it. Only grant access on a need-to-know basis. All access should be password protected or, if there are physical copies, secured by physical barriers such as a keycode, lock and/or scan-to-enter.
You should also be employing encryption and other strategies to anonymize and protect client data.
3: Create a secure access point for travelling employees.
For employees who need access to the corporate network while travelling or working from home, you need to ensure their access is secure. You can do this by:
- Requiring employees to use a VPN.
- Providing company laptops that are password protected and kept up to date with software and firewall protection.
- Training employees on cyber-secure processes such as good passwords, not using public wifi, and locking their computer before leaving it.
4: Shred sensitive paper documents.
Most businesses are aware that all paperwork that identifies consumer or employee information must be properly disposed of, usually by shredding. Over the years, small and large businesses have become victims of data breaches after sensitive information was simply tossed out in the trash.
5: Wipe it clean.
Did you know hitting the “delete” button doesn’t necessarily permanently get rid of a file? While properly erasing files is necessary in order to comply with federal privacy regulations, so is the proper disposal of all documents and all electronic media (such as hard drives, CDs and DVDs). If your business doesn’t have a dedicated tech team, consider buying third-party data erasing software. Programs like Summit Hard Disk Scrubber, Active KillDisk and Blancco are all add-on programs that can permanently remove files from a hard drive. For more cash-strapped businesses, consider free file erasing software such as Eraser, Freeraser or File Shredder.
6: Provide training.
Employees should know how to recognize phishing scams and other common cyberattack methods. They should be trained on cybersecurity and why protecting customer data is so important.
7: Only collect the data that’s necessary.
You should only be collecting the data that’s necessary for your business to provide its services.
8: Get outside help.
Get a third party to audit your privacy and cybersecurity practices. They can advise you on how to improve your privacy protection and how to prevent cyberattacks and data breaches in the first place.
9: Invest in cyber liability insurance.
This coverage is designed to help you recover from a cyberattack or data breach. It can provide funds to help you deal with the attack itself, notify clients, handle resulting lawsuits, and repair public relations. Talk to your broker for further information about this emerging insurance protection.