In a world of identity theft and online scams, it’s important to keep customer information safe and secure. Repeat business depends upon developing customers’ trust and confidence, and data security is a key indicator of a solid company in this cyber world.
With no alarm system yet available for data, this article gives you some pointers to keep your customers’ information safe and secure.
Information Security Plan
Even a small business needs to have policies and procedures written down, and in some localities, it’s actually required by law. In truth, if a data system failure does occur, it’s better to have a plan laid out in advance than to be in reaction mode in a time of crisis. That way, staff know what’s expected of them, and there is no panic among the troops.
It’s especially important to spell out how information is communicated to customers and by whom. While salespeople may have great relationships with their customers, the message from management needs to be powerful and consistent in trying times.
It’s a company’s responsibility to make employees aware of procedures when dealing with sensitive personal information and, further, to train employees in those procedures. Ultimately, it is the employer’s responsibility to ensure data security, and legal ramifications will be aimed at the employer alone in most cases. A well-trained staff will help make data security a priority to lessen management’s worries about the state of the business.
Guidelines that are clear to employees mean there are no decisions to be made in a vacuum. Employees know what they are to do and can execute with confidence. If they are left to their own devices, one never knows what decisions they might make, however well intended.
Both paper and digital data need limited access, with adequate controls that give access only to those with what classified agencies of the government call “need to know.”
Filing cabinets come with locks, and they should be used. Leaving information within reach is as good as asking for a security breach. Why make it easy for a staff member or intruder to collect sensitive information? Make them work for it!
Rigorous online “locks” such as encryption ensure that getting into customer data is not an easy process. Passwords should be changed frequently, and many security firms recommend doing so at least monthly. Certainly whenever there is a change in personnel, all passwords should be updated.
In addition, companies need to have clear procedures on how old data is disposed of, whether it is a hard copy such as credit card receipts or a digital file with personal data. Shredders on site are also valuable when dealing with post-crisis investigations.
While a company has some leeway in its individual data security programs, it’s imperative to comply with legal requirements as a starting place. The Federal Trade Commission’s Bureau of Consumer Protection has specific rules about protecting customer information. Additionally, the CAN-SPAM law covers anyone who is involved in either eCommerce or online marketing – which these days is just about everyone!
So don’t leave your customers’ sensitive personal and financial information to chance. Like the Boy Scouts, be prepared! Plan, train, and execute to retain customers through trust and confidence in your security programs.