If your business collects private information, from personal and contact details to bank and credit card information – you need to make sure all that sensitive data is always kept safe and secure.
Customer data needs to be protected, and data security needs to become one of the top priorities for your business. Any unauthorised access or data breach can have serious consequences, from loss of customer trust and damage to your company’s reputation to significant financial losses and even lawsuits.
In the event of a data breach, you are also obligated to notify the proper authorities and the customers affected. The Privacy Amendment Act 2017 established the Notifiable Data Breaches Scheme in Australia effective 22 February 2018. This requires all businesses, organisations and agencies with an annual turnover of $3 million or more to notify individuals of any damaging data breach involving their personal information and instruct them of the steps to be taken.
Some of the biggest data breaches
Data breaches can have a devastating damage to you, your business and your customers. Here are some of the notable global data breaches in past few years:
In 2017, Yahoo revealed that the 2013 data breach actually had 3 billion affected customers – the biggest breach in history! Names, email addresses, usernames, passwords, and dates of births were leaked. Yahoo had to face 43 class action lawsuits and the loss of $350 million from its sale price to Verizon.
In July 2017, 143 million customers were affected by a data breach. Social Security numbers, birth dates and other personal details were exposed. The company hired forensics experts to aid in the investigation, created a website to meet the needs of the individuals affected by the breach, and issued a statement of apology. The breach has so far cost Equifax a staggering $200-300 million.
In late 2016, two hackers were able to expose the names, addresses and phone numbers of 57 million users and 600,000 driver accounts. Uber however waited a year before informing the public and the authorities of the data breach. What’s worse, the company also paid the hackers $100,000 to destroy any evidence of the breach.
This caused a significant damage to Uber’s reputation and for its value to fall significantly from $68 billion to $48 billion during the sale to Softbank at that time.
How to protect your customer data
Your customer data is a vital aspect of your business. You collect and use data for the efficient delivery of your products and services. Keeping this data safe makes your company trustworthy and reliable.
So, how do you properly protect your customer data? Here are 10 ways to improve data security for your business:
1. Be up to date with data breach best practices
You can learn a lot from forums, conferences, research, websites and even industry peers. This will bring you and your organisation up to speed with new trends and technologies to prevent customer data breaches.
2. Analyse how your company collects, processes and stores customer data
Each step or data transfer must be secure and encrypted. Also, it is important to understand who can access the data and how to secure access to sensitive information. Use the appropriate and best encryption for your data. Aside from electronic files, protect paper customer data as well. Make sure your confidential paper files are kept in a secure and locked storage.
3. Have a centralised monitoring system
Be able to track any hack or data breach in your network of computers, servers and printers. Monitor your servers and databases. Have a backup power supply for servers in case of power outages or maintenance.
4. Update all machines, networks and printers with the latest technologies and software
Have regularly updated security software installed in your computers. Partner with third party antivirus and anti-malware companies to provide regular automated updates. Also, have a configured firewall in place to screen incoming and outgoing traffic.
5. Control data access
Do you have complete visibility and control over your data network, storage and access level? Implement strong passwords to access customer data. Identify, restrict and monitor staff levels of access and usage to sensitive and confidential information.
6. Create customer data protection policies
These policies should include securing paper or electronic data using locked storage and encryption of data, having passwords or pin ID to access customer data, encrypted file transfers, plus monitored and secure databases and servers.
7. Educate your staff on data protection
It would be essential to create a culture of security with your company. Your staff need to know the possible risks and vulnerabilities, how to constantly protect customer information, and what to do in case of a data breach.
8. Have clear guidelines on sharing customer data with partners and suppliers
Formulate an agreement or contract covering all procedures on sharing information with third parties. Set up security controls to ensure that they comply with the agreed upon customer data protection standards.
9. Dispose of paper and electronic waste properly
Paper documents should be shredded or disposed in secure bins to avoid any possible security breaches. Electronic data needs to be carefully disposed of. Merely moving electronic files such as emails and documents to the trash bin does not mean that the data has been permanently deleted.
10. Have a Crisis Management Plan (CMP) in place
A CMP covers the detailed procedures for staff and managers to follow if a data breach occurs. It outlines the process of investigation and specifies pertinent steps such as the disconnection of computers, printers and other equipment connected to the network affected by the breach. The CMP may also include the steps to notify authorities and affected customers in case of a serious data breach.
Data security is a major ongoing concern for any business, regardless of size. If you collect personal customer information, then you are responsible in keeping that data safe and secure. Any major breach can lead to loss of customers, financial losses, damage to reputation, and even legal or compliance implications.
The key to preventing data breaches is to handle customer data responsibly from collection, transfer, processing, storing and disposal. Educate your team about data protection policies and best practices.
Want to be 100% sure that your customer data is safe? Book a site audit today, and we can help you identify the vulnerabilities and security risks that can expose your customer data to hackers.
Or to learn more about how we can work with you to tailor an MPS solution to your specific business needs, download our Tailored MPS Implementation Fact Sheet.