Once upon a time, the only person worrying about securing customer data might have been the grizzled IT veteran in the company’s basement cubicle. Customers seldom thought twice about how their data was protected, and many businesses didn’t either. Security was simply not a high priority, and for most people, not a problem [1, 2].
Once upon a time, that might have been true. But not anymore.
Recent headlines have disclosed major data breaches affecting millions of consumers worldwide. It’s become clear that protecting customer data can no longer be just another item on the agenda to be taken care of “later.” The consequences of losing customer information are severe. A recent survey by Harris Interactive reveals that 89 percent of consumers avoid doing business with companies they believe do not protect their privacy [3]. And customer concern is growing: A full 74 percent of internet users are more worried about their online privacy than they were a year ago [3]. Loss of customer data can mean loss of consumer confidence, fines, lawsuits, and the expense of restoring your compromised systems.
To stay ahead of the threats, you need to make sure you’re doing everything you can to secure your customers’ data. Here are some tips on where to start:
In the office
- Retain data logs longer: Two-thirds of data breaches are not discovered until over a month after they occur. And roughly 70 percent are discovered not by the company affected, but by an external third party. Keeping older data logs allows you to understand how your network was breached and what data may have been stolen [4].
- Review your encryption: If your company already uses encryption, great. But it might not be enough. Methods that were standard five years ago may be easy to break today, so it’s important to regularly review your protocols. It’s also important to make sure you’re deploying encryption effectively. For example, if data is encrypted on your server but not while it’s on an employee’s laptop, you remain vulnerable.
At the store
- Follow PCI recommendations: The PCI Security Standards Council publishes publicly available best practices for retailers. Their standards for data are outlined in the PCI Data Security Standard (PCI DSS). Every business working with sensitive customer data and credit cards should make sure they’re applying its recommendations. While not sufficient on their own to protect against every threat, they serve as a good starting point for securing your data.
- Consider tokenization: Often used in e-commerce, this high-level security strategy replaces consumer information such as credit card data with unique identification symbols as it travels through your network, keeping your clients anonymous and protecting their data from prying eyes.
In the cloud
- Demand the best: Not all cloud providers are equal, especially when it comes to security. It’s important to understand what kind of policies a provider has in place before signing any contract. For example, HP Cloud offers small and medium businesses enterprise-level security services like comprehensive logging and kernel auditing.
- Consider data loss prevention: Often employed by global organizations in the past, this effective strategy is now also accessible by small and medium businesses. Data Loss Prevention (DLP) tools like those offered by HP include policy-based data monitoring and tracking to preemptively stop exfiltration of data.
The volume and sophistication of attacks are increasing every year. In fact, 19 percent of data breaches combined phishing, malware, hacking and entrenchment in order to gain access to valuable customer data [4]. To protect your customers’ information, it’s important to regularly review your security practices, and research new services like cloud computing before you deploy them. A proactive approach will help you build customer loyalty, effectively launch new technologies and defend against evolving threats.
[1] Newtek Business Services, Majority Of Business Owners Not Concerned About Credit Card Security, March 2014
[2] NFIB, Small Business Problems and Priorities, August 2012
[3] TRUSTe Privacy Index, 2014 Consumer Confidence Edition, December 2013
[4] Verizon, The 2013 Data Breach Investigations Report, April 2013
used with permission from HP Technology at Work