From Walgreen’s mobile app to MGM Resorts and Clearview AI, the first few months of 2020 have been marked by a rash of data breaches. Given that last week was National Consumer Protection Week, we’ve decided it would be a good idea to quickly review some easy and effective strategies you can implement today to protect customer data.
A good internal security plan doesn’t have to be super complicated. It just has to be purposeful.
1. Limit Access to a Customer’s Personal Details
When you handle a customer’s personally identifiable information (PII), you’re handling details that could open a pathway into their private accounts if those details fall into the wrong hands. As such, it’s a good idea to make sure that only those individuals who absolutely need the information have access to it.
For example, if a client is assigned to Customer Rep #1, there is no reason why Customer Rep #3 should have access to that client’s information. Similarly, if your organization operates on an in-house computer network, make sure that information access is restricted according to the parameters of each specific job.
You can restrict access to this kind of information in many different ways. One of the most basic is making sure that the building or office itself is secure, and that only employees with proper credentials and entry passes can freely move in or out. Any paper files with confidential information should be stored in a locked cabinet when not in use, and should never be left out on a desk unsupervised.
2. Once You No Longer Need the Info, Destroy It
When a transaction has been completed, what do you do with the information still in your possession? Some companies opt to keep the data, in case the customer returns, but if it’s not absolutely necessary, you should protect your customers – and reduce your own liability – by destroying the information.
The FTC recommends making sure that everything with personal data, even if it looks like trash, is securely disposed of. This means shredding, pulverizing, or burning sensitive documents before you allow them to enter the public trash system. The same holds true for digital copies – if a hard drive or portable flash drive is scheduled to be decommissioned, hard drive shredding is the only way (yes, even over digital erasure) to guarantee that a customer’s details can’t be recovered from the device.
If an office regularly handles customer information, a scheduled shredding service can make sure that papers are consistently discarded according to all relevant state and federal privacy regulations. Frequently, the scheduled shredding service will provide complimentary locking storage bins as a way for you to keep documents safe until shredding day.
3. Make Sure Everyone is Up-To-Date and Aware
Online business is a big business. Digital sales are expected to top $735 billion by 2023, and it’s estimated that within the next ten years, half of all retail sales within the UK will be conducted online. Even if your company isn’t selling anything online, there’s still an excellent chance that computers are used on a daily basis to complete office tasks. However, to riff on a phrase from Spider-Man, “With great convenience comes great vulnerability.”
Make sure that all office computers are outfitted with up-to-date security software, including antivirus and anti-malware protection. Passwords should never be easily guessable, and important applications should be configured to require two-factor authentication when logging in. The office network connection should be as secure as possible, and should always require password authentication before a device can connect. Staff should be trained on how to recognize attempted security breaches and what to do when they encounter one.
It’s also a good idea – and a good business strategy – to make your customers aware of precisely how you handle their information. Being transparent about how you operate and what you’re doing to protect them can actually help win repeat business.
The information handled by your business is only as secure as you decide it will be. If you’re not sure where to start with internal digital security, consult an expert. The same can be said for document security – if you’re not sure what procedures would be best for your workplace, or the legal requirements for document destruction, a professional document shredding company can save your company a lot of time (and money).
For more information on how A-1’s scheduled shredding can help protect your business and keep your customers’ data secure, call our office at (602) 441-3339. You can also contact us online with any questions or to request a free service quote.