9 Tips For Keeping Your Customer Data Secure
Timothy de Paris | September 14, 2015
Timothy de Paris | September 14, 2015
This poses a problem for today’s marketers, reliant as they are on customer data and analytics to better understand and anticipate their customer’s needs. A trade-off has to take place: in exchange for continued data contributions from customers, brands need to provide a transparent information gathering process and better security measures.
Here are 9 ways to better safeguard sensitive data and foster trust with your customers.
Trust plays an important role in increasing the willingness of consumers to share their data with brands. Yet social media sites tend to receive one of the lowest ratings of trust from consumers, according to a study by HBR.
Misleading customers about how their data is collected, stored, used and protected can create legal and reputational problems for your business.
Government agencies and trade bodies have tightened up the way they deal with organizations that publish deceptive statements in their privacy policies – so don’t get caught out. Double and triple check your privacy policies to ensure all the information is accurate and up-to-date.
If you don’t? One victim of this new regulatory crackdown has been Snapchat. They were found to have deceived users about the amount of personal data, including collecting information from iPhone contact lists and employing slack security measures that exposed users to a security breach.
Snapchat weren’t fined, but were forced to comply with a series of obligations, including implementing a comprehensive privacy program that will be monitored by an independent body for the next 20 years.
2. Update, update, update
Many organizations delay updating and patching software until quieter periods, but this can increase the risk of an attack during the interim period.
With entire marketplaces dedicated to selling these exploits, hackers constantly seek and find new ways to exploit security vulnerabilities.
Updates cost money and can divert resources, but the security benefit of making even the most minor update can outweigh the downsides.
3. Encrypt user data
Encrypting sensitive data may seem like a no-brainer, but with less than half of businesses saying that they do it, it’s still a major weakness.
Payment providers like Visa and MasterCard require retailers to encrypt card details by default during the transaction process.
However, if these details are stored on company servers - when a website remembers a user’s payment details, for example – then unless the information is protected with robust industry-standard security and the latest encryption technologies, there’s a much higher risk.
It’s not just payment cards that should be encrypted though – the theft of any personal information from your servers would have a much lower impact if it was encrypted and therefore unreadable to the hackers that obtained it.
Failing to use effective encryption tools can make the likelihood of your customers’ data falling into the wrong hands exponentially increase.
4. Be transparent with how customer data is used
Customers can be hesitant about sharing information with brands, this is largely due to a lack of transparency existing between businesses and customers about how their data is used. Transparency may go against traditional business practices but it can deliver real value to products and services, and deepen brand loyalty.
Domino’s Pizza is a good case study to look at the benefits of being transparent and involving customers: in 2008 they surveyed their customers about what they liked and didn’t like about their pizzas, Domino’s then shared the data - including the negative responses - to get feedback from the wider public. This process of feedback helped Domino’s improve their recipes and their financial position - in 2009 Domino’s share price was $7.73, and today it is $108.
By being transparent about how you use data, customers are able to see and subscribe to the bigger picture, particularly if it adds value to their interactions with the brand.
5. Verify, don’t store
With security breaches affecting businesses on a regular basis, it’s important to distinguish between collecting the data that you need (addresses and names) and the data that you don’t need (stored credit card details).
Other than for providing convenience to customers, businesses don’t have a compelling reason to store this data – especially when the risks are so high.
Creating a framework that allows third party processors to handle credit card information is a safer bet. It is their priority to have the most stringent security procedures in place to store sensitive data.
6. Minimize the availability of your data
Driven by the growth of remote working, IT departments have struggled to respond to the increased security risks posed by the rising number of devices coming in and out of their infrastructures. Relatively inexpensive software is available to help integrate these devices into IT infrastructures, providing additional security layers for login processes and tools to encrypt emails, but they are often time-consuming and resource intensive to deploy.
And whilst these tools may be useful for preventing unwarranted attacks, they do not get to the root cause of the problem - the human employees and their unpredictable behavior.
The best way to minimize the risk to your data is by training staff about the data protection policies of your business, and the wider legal procedures of the industry. Employees should be educated on best practice when dealing with sensitive customer information and know what steps to take to ensure that classified data does not get into the wrong hands.
7. Test for vulnerabilities
It’s no longer enough to cover the bare minimum security standards and hope that the measures will be sufficient to protect customer data.
Businesses, particularly e-commerce sites, need to regularly test their site to discover vulnerabilities that are not picked up by their current security tools. This may include hiring cybersecurity experts or ethical hackers to identify code vulnerabilities, undertaking daily scanning to ensure that malware hasn’t been placed around the site, or investing in more advanced security apps.
8. Prepare for the worst
Do you have a disaster recovery plan in place? If not, you should consider creating one.
And if you do have one, does it include specific contingencies for a cyber-attack?
Most organizations typically have a disaster recovery plan in place to prepare for human error, data center downtime, and natural disasters, but many overlook cyber-attack.
It’s important to have safeguards in place to ensure that, in the event of cyber-attack, day-to-day business functions can continue with as little disruption as possible.
Hackers in recent years have targeted and crippled both Sony’s PlayStation Network and their movie studio division, costing the brand millions of dollars and untold reputational damage. Both attacks were unanticipated, but businesses can now learn from the Sony experience and create contingency plans to prepare for such an attack.
Cyber-attack scenarios should be added into company’s disaster plans and include provisions for communicating with customers and employees, as well as any workarounds to distribute data should the usual infrastructure be compromised.
9. Use common sense
Despite the increased sophistication of protection from attacks targeting sensitive and ultimately valuable customer data, perhaps the best weapon against them is common sense diligence. No amount of technological advancement can protect a company from oversight and human error.
From training employees to think twice about sending sensitive information by email, to ensuring that passwords are changed on a regular basis, it makes sense to invest the necessary time and resources to protect sensitive customer data – and create a culture of collective responsibility for it.