Small and large businesses alike often have a significant amount of sensitive client information in their databases, from credit card numbers and social security numbers to addresses and phone numbers. If you’re running your own business, you want to be sure you’re protecting your customers as well as limiting your own liability. Here are a few steps to help protect your customers’ personal information.
Take a look and clean it out
The first thing you need to do is identify what personal information your company is in possession of. The Federal Trade Commission (FTC) recommends making a note of what the information is and where it is located. Then, get rid of anything you don’t need. Your company doesn’t need the added risk of holding onto irrelevant information. Only keep the personal information of customers you are currently working with or will work with in the future; the rest can go.
Disposing of personal information isn’t as simple as throwing it in the garbage can. The FTC suggests disposing of any physical information by cross-shredding or burning the documents. Digital data should be securely removed by using wipe utility programs.
Lock and encrypt it
If your data is digital, make sure you are storing it in a safe location. Gene Marks, contributor for Forbes.com, recommends an encrypted database. “You should have multi-levels of passwords to access any database storing customer information,” says Marks. “Change these passwords frequently.” It’s also important to make note of which of your employees have access to this information, and run thorough background checks on a regular basis, as many personal information leaks come from employees.
Protect it from malware
Hackers are often assigned a specific job: create viruses. This malware, short for malicious software, can hold your information hostage, steal it outright, or release it to the world at large. Your information needs to be protected not only from individuals, but also from virtual attacks, which can go undetected for months. “You should make sure to have malware detection software running on both your servers (hosted or not) and workstations,” says Marks. “And ensure that your firewalls are up and secure.”
The FTC recommends that all companies, even those with the best security systems, be prepared for a leak. In the event of a security breach, you need to have a plan. Marks suggests updating your company’s fine print before there are any issues: “You should have your attorney update your terms and conditions to hold you harmless in the event of a stolen data incident.”
However, Marks warns of other forms of liability: “Although that still can’t stop anyone from suing you, you losing that suit or at the very least suffering the same lack of credibility and reputation issues.” Prevention is the key, but you don’t want to operate without a disaster plan.
Careless mistakes with personally identifiable information can cost your company its reputation and cause irreparable damage. Make sure you do everything in your power to protect your customers’ data and have a backup plan in the event of a security breach.