In December 2013, Ingrid Victorsson found herself among the 110 million Target customers who’d had their names, phone numbers, email, and mailing addresses stolen in a massive data breach. Her thoughts on the matter amounted to a shrug and “meh, it happens,” — but there weren’t many who shared my laissez-faire attitude. In the end, nearly non-existent security measures ended up costing the company around $50 million in settlements.
I asked Ingrid Victorsson, a marketing professional from Boise, Idaho to put together some advice we can use to be more secure. In her off time she enjoys studying local history, eating cheese, and cuddling her dogs.
Target is hardly the only company to lose customer data. In fact, it’s happened far more often than it should, and it seems the cases are only becoming more numerous as time goes on. From poor security measures to leaked information, businesses have become careless with the precious information their patrons have entrusted to them.
According to a Harris Interactive poll, nearly 90 percent of U.S. consumers said they would avoid purchasing from a company if they felt their privacy was not protected. The good news is that setting yourself apart from the eBays and Anthems of the world is easy enough; it only requires marketing your security measures — and following through on those promises.
Protecting Customer Information
Before we get to marketing, there are a number of things you should be doing to protect your customers’ data. Depending on the size of your company, the way your systems are set up, and what information you have, consider the following security measures.
Use A Dedicated Server
As a money saving effort, many small businesses host their files on a shared server. On a shared server, different sites are are being hosted on the same machine — and individuals outside your company have access to your server. This means your website may be put at risk due to another site’s weak security. While it’s significantly more expensive, a dedicated server will greatly reduce the chance of your site being hacked by an outside party.
Encrypt Your Data
Keeping sensitive records unencrypted is always a risk — and it’s one that’s not worth taking. Data security is good business, which means there are plenty of affordable and convenient software solutions on the market. Pick one, use it, and set up an update schedule to keep yourself one step ahead of the hackers.
Layer Website Security
Since hackers use several approaches to break into sites and steal data, installing multiple layers of security is one of the best ways to keep an ecommerce site safe. Firewalls, contact forms, and login boxes all give thieves more work to do to access data — and make them less likely to succeed.
Employ a Malware Monitoring Service
Malware monitoring services not only protect your website and visitors from malware, they also notify you if your site has been compromised or infected with malicious code. Another option is endpoint protection, which guards your network and email against spam, malware, and dangerous file types.
Police Removable Storage Devices
Establish a policy wherein all removable storage devices are identified and controlled. This will prevent malware and viruses from getting in and keep sensitive information from getting out.
Shred, Shred, Shred
Shred, burn, or pulverize paper records of sensitive consumer data as soon as you no longer have use of it. It’s the law.
Run Wiping Programs
Deleting a file doesn’t permanently remove it, and just like paper documents, disposal rules apply to electronic media as well. There are a number of data erasure software programs available that can permanently remove files from a hard drive — if you don’t have one, get it ASAP.
Restrict Access
The fewer people have access to sensitive information, the better. Sensitive customer files, whether paper or electronic, should be kept in a centralized location under lock and key, and only available to employees who have “need to know” status.
Make Security a Company-Wide Responsibility
Don’t rely solely on either an internal IT employee (or an outside IT service provider) to protect customer information. Your IT person may not be aware of exactly how data is being used and shared. Discussions should be coordinated between IT, sales, marketing, human resources, and other departments to ensure that all those with access to customer data are managing and protecting it in a way that provides the highest level of security.
Data Recovery
In the event of damage, recovering data from servers or hard drives may be necessary. Do your research and be sure you use a reputable service or software — don’t let just anyone have access to customer records.
When considering data recovery services like this one, there are a few things you need to look for. How fast can they work? What type of devices can they recover data from? Where can they perform their recovery? Sometimes a cleanroom is necessary, other times you may prefer to have them on-site.
Create a Breach Plan
If the worst happens, you need to have a plan in place to handle it. This includes:
- Isolating the problem
- Notifying customers
- Getting an IT security expert involved to fix the situation
Swift notification is crucial when a breach exposes an individual’s name along with other identifying information — it will give your customers time to take defensive action. Furthermore, it can make a world of difference in the legal ramifications you face, as well as your brand’s reputation.
Marketing Security Measures
Data privacy and security is more than a risk management issue, it’s also a way to assure your customers that the trust they place in your company is warranted. Consumers are well aware of the risks surrounding data security and privacy, and differentiate yourself through a reputation for strong data privacy and security practices is a great way to gain a competitive edge.
A mind-blowing 80% percent of customers are more likely to purchase from companies that are perceived to be protecting their personal information.
But how do you market your security measures in a way that customers will hear it? Since most consumers only skim privacy policies when purchasing product online, it’s important to offer the information in more than one place.
- Include security/privacy measures on the about page of your website in an easy to read format — give them the the bullet points, not the whole shebang.
- If you have a storefront, keep a few pamphlets on hand and make sure there’s a section covering your privacy policy.
- Dedicate part of your newsletter to how you protect customer information.
- Add it to your advertising copy!
Customers want to know you care enough to protect them. By implementing a comprehensive data protection plan and spreading the word to customers — both potential and current — you can get a leg up on both hackers and your competitors.