Protecting customer data is a top priority for many businesses in an age of increasing remote work, digitisation and cybersecurity threats. From personal and contact details to bank and credit card information, business owners and IT leaders must ensure that personal and sensitive data is always secure, regardless of where employees access information from.
An unauthorised access or data breach can have serious consequences for your business. Not only can it damage your company’s reputation and deteriorate customer trust, but it can also lead to significant financial losses and even lawsuits. It’s important that your IT team and management understand your businesses’ legal obligations when it comes to customer data security.
For example, Australian businesses with an annual turnover exceeding $3 million are required by law to notify individuals if a data breach occurs that puts them at risk of harm. However, it’s not just large companies that have these obligations; a number of small businesses are also subject to the Australian Privacy Act and the notifiable data breaches scheme. Doing your research and understanding your business’ responsibilities is the first step to protecting your customer data.
Infamous data breaches
Data breaches can do devastating damage to you, your business and your customers. Here are some of the notable global data breaches in past few years:
In 2017, Yahoo revealed that the 2013 data breach actually had 3 billion affected customers – the second biggest breach in history! Names, email addresses, usernames, passwords, and dates of births were leaked. Yahoo had to face 43 class action lawsuits and the loss of $350 million from its sale price to Verizon.
While affecting less people, the 2020 Twitter data breach immediately became a high profile case when several celebrities’ accounts were hacked and scam messages tweeted on the same day. The hackers gained access to credentials through a spear phishing attack targeting a select number of employees. During the breach, they had access to at least 350 million accounts and stole $USD 110,000 in only a few hours before the scam was shut down. Twitter faces reputational damage and potentially heavy fines from the EU GDPR regulator.
How to protect customer data
Your customer data is a vital business asset for the efficient delivery of your products and services. Keeping this data safe builds your company’s reputation as trustworthy and reliable. So, how do you protect your customer data? Here are 10 ways to improve data security for your business:
- Be up to date with data breach best practices. You can learn a lot from forums, conferences, research, websites and even industry peers. This will bring you and your organisation up to speed with new trends and technologies to prevent customer data breaches. For example, have you considered the additional risks that come with remote working and unsecured home office printers?
- Analyse how your company collects, processes and stores customer data. Each step or data transfer must be secure and encrypted. With the rise of cloud technology, it’s especially important to understand how to secure access to sensitive information wherever it’s accessed from, such as by using the best encryption and multi-factor verification for your data.
- Have a centralised monitoring system. A central system will allow you to monitor your servers and databases, track any hack or data breach in your network of devices, and supply backup power to servers in case of power outages or maintenance.
- Update all machines, networks and printers with the latest technologies and software. Install security software on your computers, printers and mobile devices that is updated regularly. Partner with third party antivirus and anti-malware companies to ensure automated updates. Also, have a configured firewall in place to screen incoming and outgoing traffic.
- Control data access. Do you have complete visibility and control over your data network, storage and access level? Implement strong passwords to access customer data. Identify, restrict and monitor staff levels of access and usage to sensitive and confidential information.
- Create customer data protection policies. These policies should include securing paper or electronic data using locked storage and encryption of data, having passwords or pin ID to access customer data, encrypted file transfers, plus monitored and secure databases and servers.
- Educate your staff on data protection. Creating a culture of security within your company is critical to reduce data breach risks due to human error. Your staff need to know possible cybersecurity threats and vulnerabilities, how to consistently protect customer information, and what to do in the event of a data breach.
- Have clear guidelines on sharing customer data with partners and suppliers. Formulate an agreement or contract covering all procedures on sharing information with third parties. Set up security controls to ensure that they comply with the agreed upon customer data protection standards.
- Dispose of paper and electronic waste properly. Paper documents should be shredded or disposed in secure bins to avoid any possible security breaches. Electronic data needs to be carefully disposed of. Merely moving electronic files such as emails and documents to the trash bin does not mean that the data has been permanently deleted.
- Have a Crisis Management Plan (CMP) in place. A CMP covers the detailed procedures for staff and managers to follow if a data breach occurs. It outlines the process of investigation and specifies pertinent steps such as the disconnection of computers, printers and other equipment connected to the network affected by the breach. The CMP may also include the steps to notify authorities and affected customers in case of a serious data breach.
Want to be 100% sure that your customer data is safe? Book a site audit today, and we can help you identify the vulnerabilities and security risks that could expose your customer data to hackers.
To learn more about the complex interplay of print and data security in an era of remote working, download our security guide, Kyocera: Major Player in the Modern Age of Document Security.
This article was originally published on 21 February 2018. It was modified on 25 January 2021.