All companies keep some amount of sensitive information in their files to identify either customers or employees. Beyond customer and staff expectations to keep sensitive data from falling into the wrong hands, businesses have legal requirements as well. Better Business Bureau reminds businesses to put procedures in place to safeguard their customers’ privacy.
“No company is completely immune to a data breach,” said Mechele Agbayani Mills, President and CEO of BBB serving Central East Texas. “However, businesses can do several things to minimize the risk.”
According to the Identity Theft Resource Center, there were over 781 data breaches in 2015, which left more than 707 million data records compromised. Taking precautions to prevent your customers’ personal data from becoming compromised should be a top priority of every business that collects customer information.
When looking to secure your customers’ private data, BBB recommends the following:
Determine what makes sense for your type of business. This will be based on the type of data that you collect and store, and the kind of resources you have managing that data. If your small business collects information about customers in various formats (e.g., on paper, on computers, and online), you should sit down with a team of your employees — an IT person, office manager, anyone who retrieves data, etc. — and discuss these issues together to make sure you consider all viewpoints.
Inventory your data. Inventory the type of data you collect, store and/or transmit. Inventory how you store your data. Inventory where you store your data for each type and format of customer information. Inventory how data is moved, who has access to it, and how to keep it locked up physically and electronically. Consider seeking outside help to identify potential leak points, and speak with a data forensics team or the bank or processor that provides your merchant account services.
Educate your employees. Keep in mind that security technology can only do so much to protect customer data. Developing policies and providing regular training for employees handling customer data is also imperative. Consider adding internal security measures to protect against the possibility of hacking incidents.
Write it down. Create a written Standard Operating Procedure for your data security measures, including the checklists you’ve just created, the security measures you are taking, and an explanation of why these security measures make sense. Not only will this serve as a great resource for your employees, it will also serve as documentation that your company has made a good-faith effort to protect customer data.
Set high standards. Require that partners and vendors with access to customer data also have the best available protection. Agencies, software firms, and email service providers should have the same (if not better) controls as your company. Likewise, if any of your partners stores customer data for you, understand exactly how they are securing their information systems and handling access control.
Check out BBB’s updated online guide Data Security – Made Simpler (bbb.org/data-security) for free information on how to create a data security plan.
For additional resources on how to build a better business and to find out how to network with other businesses, go to bbb.org.
Mechele Mills is the President and CEO for the Better Business Bureau Serving Central East Texas. Prior to her role at BBB, she led and consulted for organizations of all sizes, managing operations, sales, marketing, and personnel for both the public and private sector. She holds a Bachelor’s in Journalism/PR from the University of Texas at Tyler and a Master’s in Business Administration from Baylor University.