A few big name companies have recently been in the media spotlight for being victims of security breaches. Hackers are becoming savvy in the way they infiltrate business’ sensitive data files.
Customers expect that every business — large or small — that collects their personal information will protect it. Beyond customer expectations, there are legal requirements, as well.
When looking to secure your customers’ private data, BBB recommends the following:
- Determine what makes sense for your type of business. This will be based on the type of data that you collect and store, and the kind of resources you have managing that data. If your business keeps information about customers in several formats (e.g., on paper, on computers, and online), you should sit down with a team of your employees — an IT person, office manager, etc. — and discuss these issues together to make sure you consider all viewpoints.
- Inventory your data. Inventory the type of data you collect, store and/or send. Inventory how you store your data. Inventory where you store your data for each type and format of customer information. Inventory how data is moved and who has access to it. This will help you begin to find the potential ways that sensitive data could be inadvertently disclosed.
- Evaluate costs vs. benefits of different security methods. Brainstorm different types of security rules and think about whether they make sense for the type of information you keep up, the format in which it is maintained, the likelihood that someone might try to get the information, and the harm that would result if the information was improperly obtained.
- Write it down. Type up the checklists you’ve just created, the security measures you are taking, and an explanation on why these security measures make sense.