Businesses often store sensitive customer information — from payment to passwords to SSNs — on their networks. In turn, customers expect businesses to take the necessary steps to keep their information safe. But it's not always an easy task.
Keeping customer data safe is a multi-faceted endeavor, according to Sandra Styskin, IT security expert and co-founder/developer at Safeplicity, a password protection and encryption tool.
“First of all, we need to consider if we are talking about data that is obtained continuously via a website and stored on a separate server, or data obtained otherwise, stored on employees' computers,” she explains. “If the customer data is stored on a dedicated server, this server should be completely isolated except for connections from the front-end web server that is submitting the data to it. This can be best achieved by setting up a firewall, allowing only one connection.”
Of course, there will be situations in which customer data needs to be stored and/or accessed on portable devices, such as laptops, external hard drives, smartphones, and tablets. In these cases, Styskin says it is absolutely essential that the data is password-protected and encrypted so that, if the device is lost or stolen, it is much more difficult for an unauthorized person to access the data.
Not doing enough to keep customer data secure can be devastating to not only the customer but also to the business. For example, Semafone, a UK-based fraud-prevention company, found that nearly 87% of survey respondents said they'd stop doing business with a company if their credit cards were compromised in a data breach. There may also be fines to pay depending on the number of records breached and whether compliance regulations were flouted, as well as fees to cover credit and identity monitoring for affected customers.
Instituting security tools is essential for any company today as data breaches and ransomware attacks continue to rise, but security can be expensive and difficult to navigate for smaller businesses without ready access to IT or security staff. While no security tool is 100% foolproof, there are apps available that can help a business better protect its customers' sensitive information. There are blogs and consumer information websites which have compiled lists of these apps to help; do some research to see if any of these apps might work for you.
As important as security tools like these are, perhaps the most vital security “tool” is employee awareness.
“The solution to cybersecurity problems is not more technology, more software, or more apps,” says Reg Harnish, CEO of GreyCastle Security, a security service provider based in Troy, New York.
“You must address the people and processes that unintentionally create opportunities for cybercriminals to attack through their behavior, such as the reuse of login credentials or weak passwords. No app can protect a consumer if they have poor cybersecurity practices.”
Protecting your business against cyberthreats doesn’t have to be overwhelming. Start with the simplest and most affordable tools available. And for more tips on managing cybersecurity risk, see this resource list from the U.S. Small Business Administration, and review our business-protection tips.
Disclaimer: Views expressed in this article and the third party links contained herein may not necessarily reflect those of Citizens Bank. Citizens Bank does not guarantee the accuracy of the information contained on the third party websites linked to in this article, nor do we endorse the products or services mentioned or provided on said third party websites. The information contained herein is for informational purposes only as a service to the public, and is not legal advice or a substitute for legal counsel, nor does it constitute advertising or a solicitation. You should do your own research and/or contact your own legal or tax advisor for assistance with questions you may have on the information contained herein.