How to Protect Your Customers Online
When you collect people's personal information online, you have an obligation as a business to keep that information secure. This article looks at what your obligations are and some steps you can take to ensure that private data doesn't fall into the wrong hands.
Why you must protect your customers
When someone gives you access to their financial information online, such as a credit card number, they are trusting that you will treat that information confidentially and ensure it remains secure.
If you fail to do so, which has happened to even the largest organisations, your customers will not only be angry, but they will also never trust you again. The repercussions of this, from a business point of view, can be devastating.
As well as a loss of business and reputation, failure to keep confidential information safe can also have legal implications. Information handling and privacy laws have been significantly strengthened in recent years, and companies that fail to take adequate precautions can find themselves facing lawsuits and huge fines.
So, regardless of the size of your business, if you handle private information, you must take steps to ensure it remains safe online.
Secure your ISP
One way to do this is to make sure your ISP is secure. The information on your e-commerce website is only as safe as the gateway it travels through, so you need to make sure your service provider observes best practices when it comes to security.
Among other things, you need to find out whether they:
- Use the latest data encryption standards
- Use the best SSL certificates
- Have regular third-party audits of their security
- Conduct background checks on their staff.
Secure your network
As well as your gateway, you need to ensure that your company network is secure. Ways to do this include:
- Only keep data if you are planning to use it in the near future, otherwise delete it
- Install firewalls and security software and update regularly
- Use strong passwords and change them regularly
- Scan all new devices connecting to your network.
Have a security policy
Another way to ensure information remains safe is to create a security policy for your business and ensure your staff understand it and follow it. It should include requirements such as:
- Recognising phishing (email fraud) and vishing (VoIP fraud) attacks and knowing what to do about them.
- Keeping all business devices that are connected to the network password protected and locked when not in use.
- Only using company mobile devices in secure locations (i.e. not in public WiFi hotspots).
- Not discussing company matters on social media, unless authorised to do so.
The amount of private data being stored online is growing every day, and so is the legislation surrounding its use. Ensuring the safety of your customers online may soon be necessary not only to prevent reputation loss, but quite possibly to prevent the loss of your business as well.