Customer Data Security : What Every Business Should Be Doing To Protect Its Customers

Online, July 25, 2012 (Newswire.com) - In light of many high-profile incidents involving the loss or theft of customer data, including passwords and credit card numbers, it is understandable that customers should be concerned about the ways in which businesses use and protect their data. Customer data requires stringent security measures; if a company is not taking these measures, we must wonder how high a value it places on protecting its customers' information.

A cursory glance at some of the more recent security breaches suggests that some major companies are failing to prioritize the security of their customers' information. Additionally, failure to immediately notify customers after the event that their data may have been compromised also reflects adversely on the company involved and can seriously affect a business's reputation - once lost, customer confidence is almost impossible to regain. Effects on the customer can range from inconvenience - a sudden deluge of spam, or the need to change all of their passwords - to financial loss, or even the nightmare of identity theft.

From the customer's viewpoint, the situation presents an unanswerable dilemma. Some people happily share information on social media and type in credit card numbers and personally identifiable information on a wide range of websites without a great deal of thought, at least until something goes wrong, while others are almost paranoid about whom they allow to access their information. Unfortunately, if we refuse to allow any businesses to access our data, everyday life, as we know it in the developed world, would become unlivable. We could not book flights or shop online, we certainly should not own credit cards or have bank accounts and social interactions would be far more limited. If we wish to take advantage of the 'conveniences' offered by modern technology, we must, apparently, be prepared to accept some risk.

That said, it is incumbent on any business, large or small, to have comprehensive privacy policies and security measures in place to minimize the risk to its customers. Failure to do this could potentially result in multi-million dollar lawsuits as well as a loss of trust, so it should be something companies are prepared to spend time and money on. Below are the minimal measures that all companies who collect sensitive data from their customers should have in place.

• Encryption of all customer data as it is received

• Limited access to any personally identifiable information - employees should be given access to customer data on a strict 'need to know' basis

• Individual, 'strong' passwords and usernames for each employee

• Added security questions whenever employees are logging in off site (as is the norm for online banking)

• Employee education regarding the paramount importance of the company's privacy policy, with procedures in place to ensure all new hires are familiar with the policy and that all employees actually adhere to it

• Controlled use of private memory sticks or laptops for employees working with customer data, with only company-issued and encrypted mobile devices being allowed off site

• Enforceable agreements with business partners and sub-contractors to ensure that their security measures are as stringent as the company's own

• Physical security on site to prevent theft or fire damage

• High-quality electronic security to avoid viruses and deter hackers

No one should give a company sensitive personal data unless they have complete confidence in its security systems.

Janet Taylor writes for InSite Systems, a leader in surveys systems and a pioneer of online survey tool. For more information about our customer feedback system visit http://www.insitesystems.com