Find a reputable business?

Business Consumer Alliance Blog

9 Ways to Keeping Customer Information Secure


It has become commonplace to hear stories of companies of every sort suffering security breaches and hacks. If you are an owner or operator of a business, security and protecting information is crucial. Businesses collect and maintain a variety of information, from employment applications to consumer credit card data. With so much sensitive information involved with everyday transactions, sound security measures are essential to prevent information falling into the wrong hands. And just in case there is a breach, having a plan to deal with these types of situations is vital. Here are practical tips to help your business establish or tighten up your security.

Establish data collection, retention, and use policies. It is important to establish and implement policies early on regarding how information is received, how long to keep it, and how it will be used. Many businesses collect information when customers register on their website or set up accounts. Think about what information is being requested and if you really need it. After customer data is collected, consider if the information needs to be retained past the transaction period. For example, payment information may be collected during a retail purchase. Does that information need to be retained once the sale is complete? If not, have a process in place to safely discard the data promptly. Remember, a thief cannot steal what you don’t have.

Control access to data.  Another important factor to consider is who has access to that information. It is unwise to allow all employees unlimited access to your network and information stored on it. Put controls in place to ensure access to information is provided solely on a “need to know” basis. The same goes for third parties, such as developers. Administrative access should be tailored according to each employee’s job needs.

Insist on secure passwords and authentication. Check that passwords used by authorized individuals are complex and unique. Avoid using the same password that is used for other accounts and store them securely. Hackers often attempt to break into accounts by typing combinations of characters in hopes of lucking into someone’s password. Think about implementing programs that disable access or credentials after a specific number of failed attempts. Put into place processes to authenticate user credentials.

Safely store sensitive information and protect it. Take appropriate steps to securing your network and test it for flaws. If data needs to be transmitted elsewhere, use strong cryptography to secure confidential information. Make sure the data is secure throughout the entire transaction, not just when initiated. Train employees on your data policies and how to keep sensitive information secure.  Paperwork and written documents with personal data should be stored securely and not left unattended.

Keep watch on who is trying to gain access to information. Firewalls, intrusion detection, and prevention tools used on your network can help guard against malicious attacks. Monitoring activity on your network can alert you to possible intrusions or attempts to breach your system’s security.

Safeguard remote access to your system and network. Business no longer just happens at your workplace. Many businesses allow remote access to their network, allowing customers to conduct business on the go, with mobile access being one of many tools used by companies. That said, having secure access points are essential. Check that computers with remote access have appropriate security. Put sensible access limits in place and grant temporary or limited authorization to individuals that do not necessarily need an “all access pass”.

Watch your service providers. Companies often hire individuals to process personal information from clients. Or perhaps third parties may be used to develop apps, new products, or services. Before hiring such individuals, be up-front about your security expectations and make sure appropriate security standards are included in your contracts with the provider. Verify their compliance by monitoring them.

Create a plan to keep security measures current and address issues as they may arise. Criminals consistently revamp their methods to steal information and wreak havoc on their victims. Securing networks and systems is an ongoing task. Keep your guard up by becoming familiar with various attacks implemented by hackers. Keep software updated, heed credible security warnings, and quickly resolve problems.

Clean house and do it securely. Dispose of information that you do not need. Paperwork and equipment may be trash but criminals seek out these items to enable them to commit deceitful acts. Cleaning hard drives, properly discarding mobile devices, and shredding information are all tasks businesses need to take as a precaution.

With effort and planning, your business can take steps to ensure your customers’ information is safe. For more security tips visit the FTC’s Guide “Protecting Personal Information”.

About Business Consumer Alliance Business Consumer Alliance (BCA) is a non-profit company that started in 1928. The broad purpose of BCA is to promote business self-regulation. BCA's mission is achieved by assisting consumers in resolving complaints with businesses and using that complaint information, along with other relevant information such as customer reviews, to forecast business reliability. With community support, BCA can identify trustworthy and ethical businesses and warn the public to avoid unscrupulous businesses whose purpose is to defraud the marketplace. BCA also helps businesses promote themselves by providing services and tools to protect their business and reach out to their customers. BCA obtains its funding from member businesses who support the mission and purpose of the organization and who agree to abide by high standards of ethical business practices.