10-Point Plan to secure customer data

Customer data is a precious commodity. All businesses have a duty to ensure its security and prevent it from falling into the wrong hands. Here are ten steps towards safeguarding your own.

1. Secure your point-of-sale stations

iPads, smart phones, traditional card readers – point-of-sale stations are often the start of the customer data funnel. They’re also the point at which customer data is most exposed, though, because stations can be readily breached. Always make sure yours are accounted for at the end of business hours, and keep software up to date.

2. Make sure you're Payment Card Industry Data Security Standard (PCI DSS) compliant

Does your business accept card payments? You should be compliant with PCI DSS. Visit the official PCI Security Standards Council website to learn more. If your customers trust you with their sensitive payment details, it’s your duty to see that that trust is well-earned and maintained.

3. Encrypt your data

Encryption makes data unreadable to anyone who accesses it without permission. Point-of-sale stations should always boast end-to-end encryption, while your website should have the same level of encryption, especially on pages where data is collected. Encryption is particularly important for data stored on cloud servers.

4. Know your 'data estate'

With the new General Data Protection Regulation (GDPR) coming into force next year, expect more frequent customer data audits. Start early by getting a clear picture of your ‘data estate’ now – know what you have, how it was obtained and where it’s stored. Crucially, don’t store data you don’t need, especially if it’s sensitive.

5. Shred sensitive paper documents

Even the most digital business can still rely on paper documents. The Data Protection Act 1998 states that all businesses have a responsibility to follow best practice in regard to data protection. When data is in physical form, this extends to ensuring that it cannot be viewed by passers-by and that paper waste collected in secure bins is shredded.

6. Your privacy policy should be clear

Transparency breeds trust. If you’re honest about customer data, customers will feel less wary of sharing their data with you. Spell out what information you collect, how you use it and who you share it with. More than damaging trust, misleading customers about their data can result in legal ramifications for your business.

7. Educate your employees

Your employees are the people on the frontline when it comes to safeguarding customer data. It’s therefore crucial that they know how to correctly handle data, from gathering through to storing. Employee education should be a central part of your security strategy.

8. Review your bring your own device (BYOD) policy

With the rise of smartphones and workplace technology, accessing company data on the go has become commonplace. Unfortunately, though, that’s given hackers bonus opportunities to access the data too. If you have a BYOD policy, review its need and limit what your employees can access on the go.

9. Know your vulnerabilities

With the rise of cyber crime, more and more businesses are keen to learn where they are most vulnerable in order to protect their customer data. Update availability checks, network scans and penetration tests can all be conducted to increase the security of your business and its data.

10. Common sense is key

In the realm of cyber security, the mantra of ‘better to be safe than sorry’ rings true. Deciding to improve security after a breach is too late. For SMEs, time invested in learning and understanding the security issues surrounding customer data is time well spent.
