- Secure your point-of-sales stations
- Make sure you're payment card industry data security standard (PCI DSS) compliant
- Encrypt your data
- Know your 'data estate'
- Shred sensitive paper documents
- Your privacy policy should be clear
- Educate your employees
- Review your bring your own device (BYOD) policy
- Know your vulnerabilities
- Common sense is key
- Next steps
1. Secure your point-of-sales stations
iPads, smartphones, traditional card readers – point-of-sale stations are often the start of the customer data funnel. They’re also the point at which customer data is most exposed, though, because stations can be readily breached. Always make sure yours are accounted for at the end of business hours, and keep software up to date.
2. Make sure you're payment card industry data security standard (PCI DSS) compliant
Does your business accept card payments? You should be compliant with PCI DSS. Visit the official PCI Security Standards Council website to learn more. If your customers trust you with their sensitive payment details, it’s your duty to see that that trust is well-earned and maintained.
3. Encrypt your data
Encryption makes data unreadable to anyone who accesses it without permission. Point-of-sale stations should always have end-to-end encryption, and your website should have the same level of encryption, especially on pages where data is collected. Encryption is particularly important for data stored on cloud servers.
4. Know your 'data estate'
With the new General Data Protection Regulation (GDPR) coming into force next year, expect more frequent customer data audits. Start early by getting a clear picture of your ‘data estate’ now – know what you have, how it was obtained and where it’s stored. Crucially, don’t store data you don’t need, especially if it’s sensitive.
5. Shred sensitive paper documents
Even the most digital business can still rely on paper documents. The Data Protection Act 1998 states that all businesses have a responsibility to follow best practice with regard to data protection. When data is in physical form, this extends to ensuring it cannot be viewed by passers-by and that paper waste collected in secure bins is shredded.
6. Your privacy policy should be clear
Transparency breeds trust. If you’re honest about customer data, customers will feel less wary of sharing their data with you. Spell out what information you collect, how you use it and who you share it with. More than damaging trust, misleading customers about their data can result in legal ramifications for your business.
7. Educate your employees
Your employees are the people on the frontline when it comes to safeguarding customer data. It’s therefore crucial that they know how to correctly handle data, from gathering through to storing. Employee education should be a central part of your security strategy.
8. Review your bring your own device (BYOD) policy
With the rise of smartphones and workplace technology, accessing company data on the go has become commonplace. Unfortunately, though, that’s given hackers more opportunities to access the data too. If you have a BYOD policy, review whether you still need it and limit what your employees can access on the go.
9. Know your vulnerabilities
With the rise of cyber crime, more and more businesses are keen to learn where they are most vulnerable in order to protect their customer data. Update availability checks, network scans and penetration tests can all be conducted to increase the security of your business and its data.
10. Common sense is key
In the realm of cyber security, the mantra of ‘better safe than sorry’ rings true. Deciding to improve security after a breach is too late. For SMEs, time invested in learning and understanding the security issues surrounding customer data is time well spent.
Get the support you need right now
You can connect with us through the contact form, call us or contact your local Business Gateway office.