Your customers entrust their personal data to you and your company. Your employees may easily share information, especially in an open office with little privacy. Protect customer information and identities by following these tips.
Collect Only the Data You Need
Unless you need a customer’s driver’s license number or Social Security number for a specific purpose related to the transaction, don't collect it. Ask only for the data you need and reduce access to information that could be compromised.
Use Data Only for Legitimate Purposes
The data you collect may be used to complete a sale or open a line of credit, but don’t use a customer’s data for any other purpose. Improper use of data can compromise a customer and place your company at risk.
Store Data Properly
Protect sensitive customer data when you store it electronically and avoid keeping unnecessary paper copies. Encrypt data, keep it in a centralized, secured location, and never rely on removable media such as USB drives for long-term storage.
If you rely on third-party data services, consider Database Information Retrieval Services Errors and Omissions Insurance as part of your broader risk review.
Use a Dedicated Server
While a shared server can save money, a dedicated server reduces the chance a hacker can access your data and generally improves security. Review your overall technology protections and policies, including options like Information Technology Insurance, to ensure coverage aligns with your risk.
Protect Your Network
Secure your network by keeping anti-virus and firewall protection up to date and scanning regularly for malware. Perform regular system updates on all computers and connected devices to close known vulnerabilities.
Secure Your Devices
Use updated computers, tablets, smartphones, printers and other devices, and lock devices when not in use. When employees connect remotely to your network, require a secure VPN (Virtual Private Network).
Back Up Data Regularly
Schedule data backups at least daily to secure data as you collect it and reduce the impact of theft or loss.
Restrict Access
Maintain a “need to know” approach to access. If employees don’t need access to the information stored on paper or electronically, they should not have access to it.
Train Employees
Educate your entire staff about protecting customer information. They should understand confidentiality during every step of customer interaction, including before the sale, when collecting payment, and during any follow-up.
Employees should also know how to:
- Update software.
- Lock computers when not in use.
- Avoid downloading malware.
- Change passwords often.
Protect customer data in your open office by taking these steps consistently. When you and your team secure data during every step of customer interaction, you reduce the risk of an expensive cyber breach.
If you need help evaluating your risks and coverage options, talk to your agent.
Frequently Asked Questions
How do I decide which customer data is necessary to collect?
Collect only information required to complete the transaction or meet a legal obligation; avoid gathering extraneous identifiers like SSNs unless absolutely needed.
Is encrypting data enough to keep it secure?
Encryption is a critical layer but should be combined with access controls, backups, regular updates, and employee training for effective protection.
How often should backups be tested?
Backups should be performed daily and periodically tested to ensure data can be restored quickly and reliably after an incident.
What should I require for remote access?
Require secure VPN connections, strong authentication, and up-to-date device security for any remote access to your network.