There are countless stories of companies that have failed to secure customer data. Here are a few:
- Equifax: 143 million customers affected. If you have had a credit check done with Equifax, chances are pretty high that you have been affected.
- Yahoo: 3 billion Yahoo accounts were affected, which is the largest security breach in history.
- Home Depot: 56 million credit cards affected
- Target: 40 million credit cards affected
If you are a part of any organization, it is critical that you take customer data very seriously and do everything that you can to protect it. Your company and your personal reputation are at stake. There are several things that you can do both internally and externally. Shockingly, almost 70% of all data leaks are internal.
There are certain things that most IT organizations do to ensure that the network is secure, such as:
- Have a secure firewall
- Make employees change passwords on a regular basis
- Secure servers, laptops, and desktops with the appropriate security settings
- Keep anti-virus software updated
- Patch servers and computers
- Annual security training
That is simply not enough. The areas which are most frequently targeted are: network, data, and users. Here are some practical steps your organization can take to secure customer data:
- Secure File Transfer: Most organizations use FTP to transfer files. You need to upgrade that to SFTP, FTPS, AS2 or another more secure protocol.
- Monitoring: There needs to be monitoring in place so you are aware of what is happening on your network. If you know who is connecting and what they are doing, then you will be able to detect network breaches.
- Data storage: Never store any data in the DMZ. All data should be stored elsewhere.
- Data: It is important to follow the appropriate corporate standards and delete secure customer data when it is no longer needed.
- Scanning: It is critical to scan any documents before they come into the network. These incoming files can contain malware and viruses which can harm your entire network.
- Encryption: You must encrypt your customer data. Encryption provides another layer of security, which will protect secure customer data and prevent security breaches if it gets into the wrong hands.
In addition to those, it is important to avoid the following bad user security practices:
- Uncontrolled access through IoT. Unsecured devices are connecting to your network all the time. These include personal computers, mobile phones, tablets, smart watches and other wearable devices. It is important to restrict how much access these devices have and what they are able to reach. For example, you don’t want these devices to access shared servers where there is secure customer information. Only devices that should access that information should be able to reach it.
- Provide proper tools. IT professionals are going to find ways to do things better. This can include using open source and other less secure methods. It is a lot cheaper to pay for the licensing of the needed software than to pay millions of dollars in fines and restitution.
- Data Monitoring. It is important to know what your teams are doing on your corporate network: who is logging in, what information they are transferring internally and externally, and who they are sending that information to. Detailed logging information is critical, and those logs need to be monitored to ensure security compliance.
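As an added example (not part of the original article), here is one way the Secure File Transfer and Data Monitoring points above could be checked against file-transfer logs. The log layout, the internal domain suffix and the size threshold are assumptions made for this sketch, and the sample lines are constructed.

```python
from collections import defaultdict

# Constructed sample log. Assumed field layout for this example:
# timestamp user protocol direction remote_host filename bytes
SAMPLE_LOG = """\
2024-05-01T09:12:03Z alice sftp upload files.corp.example invoices.csv 20480
2024-05-01T09:15:47Z bob ftp upload partner.example.net customers.csv 5242880
2024-05-01T09:20:10Z carol ftps download files.corp.example report.pdf 102400
2024-05-01T09:31:55Z bob sftp upload drop.example.org customers_full.zip 734003200
this line is malformed
"""

SECURE_PROTOCOLS = {"sftp", "ftps", "as2"}   # protocols the article recommends
INTERNAL_SUFFIX = ".corp.example"            # hypothetical internal domain
EXTERNAL_BYTES_LIMIT = 100 * 1024 * 1024     # hypothetical per-user threshold

def parse_line(line):
    """Return a dict for one log line, or None if it is malformed."""
    parts = line.split()
    if len(parts) != 7 or not parts[6].isdigit():
        return None
    keys = ("time", "user", "protocol", "direction", "host", "file", "bytes")
    rec = dict(zip(keys, parts))
    rec["protocol"] = rec["protocol"].lower()
    rec["bytes"] = int(rec["bytes"])
    return rec

def review(log_text):
    """Return (findings, unparsed) for a block of transfer log lines."""
    findings, unparsed = [], []
    sent_out = defaultdict(int)            # bytes uploaded to external hosts
    for line in filter(None, map(str.strip, log_text.splitlines())):
        rec = parse_line(line)
        if rec is None:
            unparsed.append(line)          # never drop unreadable lines silently
            continue
        if rec["protocol"] not in SECURE_PROTOCOLS:
            findings.append((rec["user"], "insecure-protocol", rec["protocol"]))
        external = not rec["host"].lower().endswith(INTERNAL_SUFFIX)
        if external and rec["direction"] == "upload":
            sent_out[rec["user"]] += rec["bytes"]
    for user, total in sorted(sent_out.items()):
        if total > EXTERNAL_BYTES_LIMIT:
            findings.append((user, "large-external-transfer", total))
    return findings, unparsed

if __name__ == "__main__":
    print(review(SAMPLE_LOG))
```

Lines that cannot be parsed are returned rather than discarded, so a change in log format shows up as a review item instead of a blind spot.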
I hope this information has been helpful. I strongly encourage you to check your security to ensure your secure customer data is protected.