Protect customer data
How to guard important information
By Matthew Stibbe
Facts and figures
Another month, another stolen laptop or hacked website. Every time, thousands of people are exposed to the risk of identity theft. This is bad for them, but it's also bad for the companies that are responsible. Reputations suffer, clients leave, and careers crash and burn.
There are legal risks too. One of the eight principles of the Data Protection Act is that personal information must be 'secure'. Reckless disclosure is a criminal offence.
On top of all that, imagine if your competitors got hold of your precious client lists and contact details. Or a disgruntled employee was able to sabotage or steal your data.
Whether you use Excel, Business Contact Manager or Microsoft CRM, making sure your customer data is safe is not an abstract concern for the geeks in the IT department. It is a board-level business issue.
Guard your data
• Follow the data. Where does it come into your business? Who has access to it? Where is it stored? Where is it backed up? How is it archived? Track your data through the business to see where weak points occur.
• Control access. You need to operate a 'need to know' policy on customer data. Few people need access to everything on your company servers - and anyone who does needs to be carefully vetted - so make sure your databases and servers restrict access by role.
• Watch your website. According to the DTI's latest security breaches survey, a third of ecommerce websites don't encrypt customer data. Evil hackers and criminals don't even need to leave home to attack your website - don't make it easy for them. Get your website tested and locked down.
• Don't forget the basics. According to Symantec's latest threat report, 30 of the top 50 malicious code samples exposed confidential information. Spyware and viruses are the easiest way for bad guys to get into
• Back up your backups. Offsite backups are a necessity, but make sure that the data on your backup tapes is encrypted and that you find a reputable firm to store it.
• Don't forget the human dimension. Policies and training are important. Too many security policies make perfect sense to HR lawyers and IT people but not to the people who are supposed to follow them. The best possible policy isn't going to deter a ne'er-do-well, so you also need to be careful with recruitment - take up references, for example - and remember to 'shut the door' on leavers by deleting all their user accounts as soon as they leave.
Finally, make sure you ask smart questions. Here are twelve simple questions to ask your IT department and suppliers. Don't be fobbed off with technospeak.
What next?
• Get free software training from Small Business+. Sign up now.
• Matthew writes a new column every fortnight. Subscribe and get each edition direct to your inbox.