As much as you may think your business doesn’t hold tonnes of data, it does.
We all hear about data breaches at large companies that just get swept under the rug after a small fine is levied against them, but for a smaller company the damage to your reputation may never be undone if you allow your customer data to be stolen. So, let’s look at some best-practice methods to better manage your customer data.
Firstly, you’ll need to understand the sensitivity of the data you hold. To do this, I usually group my data into 4 buckets:
- Bucket 1: publicly available data (e.g. your price list)
- Bucket 2: internal company data
- Bucket 3: contracts with suppliers; customer contact information; employee details
- Bucket 4: customer payment details; employee payment details
Essentially, the buckets are stepped increases in sensitivity of data & the legal / financial impact of a data breach of that kind.
Data Clean Up
Now, take a look down that list of extremely sensitive data points that you hold (buckets 3 and 4) and consider the value of each to both yourself and to a potential hacker. From this, you should be able to create a risk / reward matrix, for example:
Risk: Holding customers’ credit card details increases the risk of a serious breach & has high value to a potential hacker.
Reward: We will have the ability to provide customers with a one-click ordering system, which is proven to increase sales by 10%.
This is a very simple example but it should get the point across. In this situation, the company needs to decide whether the increase in sales is worth the risk. As this is not a perceived increase but rather a proven / actual increase, you’d have to say that it probably is – they just need to invest some time / energy into securing that data as best they can.
If you decide that you absolutely need to hold the data, can you encrypt it? Can you make it much harder for a hacker to glean any value from the dataset? The more hoops you make the hackers jump through to get to the valuable bits of your dataset, the more likely it is that they’ll leave empty-handed.
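One way to make a stored payment detail much less valuable, as an added example that is not code from the original post: instead of the card number, the order records keep only a keyed token (an HMAC of the number under a key stored elsewhere) and the last four digits for display. The key, the Luhn check and the sample card number are assumptions of this example; the number used is the well-known Visa test number, not a real card. This is pseudonymisation rather than encryption: it lets you answer "has this customer used this card before?" but not charge the card again, and if you do need to charge it again the card data belongs in a payment provider’s vault, which is what PCI DSS expects.

```python
# Added example, not code from the original post. The order system stores only
# a keyed token and the last four digits, never the card number itself.
import hashlib
import hmac
import secrets

# Assumption: in production this key lives in a secrets manager or HSM,
# separate from the database. Generated at import time so the example runs alone.
TOKEN_KEY = secrets.token_bytes(32)


def luhn_valid(digits: str) -> bool:
    """Luhn checksum; rejects mistyped numbers before they are tokenised."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def tokenize_pan(pan: str, key: bytes = TOKEN_KEY) -> dict:
    """Return the only two things the order system is allowed to keep."""
    digits = "".join(ch for ch in pan if ch.isdigit())
    if not 12 <= len(digits) <= 19 or not luhn_valid(digits):
        raise ValueError("not a plausible card number")
    token = hmac.new(key, digits.encode(), hashlib.sha256).hexdigest()
    return {"token": token, "last4": digits[-4:]}


def same_card(pan: str, stored_token: str, key: bytes = TOKEN_KEY) -> bool:
    """Answer 'has this customer used this card before?' without holding the number."""
    candidate = tokenize_pan(pan, key)["token"]
    return hmac.compare_digest(candidate, stored_token)


if __name__ == "__main__":
    # Constructed input: the well-known Visa test number, not a real card.
    record = tokenize_pan("4111 1111 1111 1111")
    print(record["last4"], record["token"][:16] + "...")
    print(same_card("4111111111111111", record["token"]))
```

The token is only as safe as the separation between the key and the data: a database dump without the key gives an attacker nothing to work with, so keep the key out of the same backup, the same server and the same access group as the records.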
Next, think about how long you need to retain those details for and what their purpose is. If you want to hold the data indefinitely for reporting purposes, then you should definitely consider removing all the data which cannot (or is unlikely to) be reported on. For example, bank details, customer phone number, name etc. are probably not the most useful items to report on, unless you particularly want a report showing the number of people named John who have bought items from your store – you might, who am I to judge?
You can work through the data, decide what you don’t need & only keep the data you definitely need, e.g. date of birth & gender (as understanding customer demographics can be useful).
If you don’t need to retain the data longer than X years for legal purposes, you can create a lifecycle rule to get rid of data as it tips over the required time period, reducing the risk of a data breach against data that you don’t even need to be holding!
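The clean-up described above (keep only the reportable fields, then expire whatever has aged past the retention period), as an added example that is not code from the original post. The order records, the set of reporting fields and the six-year retention period are constructed for the example; a real deployment would point the same two rules at a database or a storage bucket’s lifecycle policy.

```python
# Added example, not from the original post. Data minimisation plus a retention
# lifecycle rule, run over a constructed list of order records.
from datetime import date

# Assumption: the business decided these are the only fields it reports on.
REPORTING_FIELDS = {"order_id", "order_date", "date_of_birth", "gender", "total"}

# Constructed sample of what an order record might look like before clean-up.
ORDERS = [
    {"order_id": 1, "order_date": "2017-03-10", "name": "John Example",
     "phone": "+44 7700 900000", "sort_code": "00-00-00",
     "date_of_birth": "1980-02-02", "gender": "M", "total": 19.99},
    {"order_id": 2, "order_date": "2019-01-05", "name": "Jane Example",
     "phone": "+44 7700 900001", "sort_code": "00-00-00",
     "date_of_birth": "1992-08-30", "gender": "F", "total": 45.00},
    {"order_id": 3, "order_date": "2024-05-30", "name": "John Example",
     "phone": "+44 7700 900000", "sort_code": "00-00-00",
     "date_of_birth": "1980-02-02", "gender": "M", "total": 7.50},
]


def minimise_for_reporting(record: dict) -> dict:
    """Keep only the fields the reporting use-case needs; everything else is breach surface."""
    return {k: v for k, v in record.items() if k in REPORTING_FIELDS}


def retention_cutoff(today: date, retain_years: int) -> date:
    """Date before which a record falls outside the retention period."""
    try:
        return today.replace(year=today.year - retain_years)
    except ValueError:          # 29 February in a non-leap target year
        return today.replace(year=today.year - retain_years, day=28)


def apply_lifecycle(records, retain_years: int, today: date):
    """Lifecycle rule: split records into those to keep and those to delete."""
    cutoff = retention_cutoff(today, retain_years)
    keep, expire = [], []
    for rec in records:
        target = expire if date.fromisoformat(rec["order_date"]) < cutoff else keep
        target.append(rec)
    return keep, expire


def clean_up(records, retain_years: int, today: date):
    """Drop expired records, then strip unneeded fields from the rest."""
    keep, expire = apply_lifecycle(records, retain_years, today)
    return [minimise_for_reporting(r) for r in keep], [r["order_id"] for r in expire]


if __name__ == "__main__":
    kept, deleted = clean_up(ORDERS, retain_years=6, today=date(2024, 6, 1))
    print("deleted order ids:", deleted)
    for r in kept:
        print(r)
```

Running the rule on a schedule rather than by hand is the point of a lifecycle rule: the data that would hurt you most in a breach is exactly the data nobody remembers is still there.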
It’s amazing how many companies don’t review the users that have access to their data on a regular basis. I’ve worked for a number of companies that store their data in a public cloud & have not revoked access to ex-employees. It’s unlikely that the ex-employee is going to damage your company by leaking your data, but the more login credentials you have floating around on the web, the more insecure doors you have through which a hacker can enter.
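A periodic access review of the kind described above, as an added example that is not code from the original post. It compares a constructed export of cloud user accounts against HR’s list of current staff and flags accounts to revoke (no matching employee) or to query (unused for longer than a threshold). The export format, the 90-day threshold and the account names are assumptions of the example.

```python
# Added example, not from the original post. Quarterly access review over a
# constructed user export and a constructed list of current employees.
from datetime import date

# Constructed sample of what an IAM / user export typically contains.
CLOUD_USERS = [
    {"username": "alice", "last_login": "2024-05-28", "access_keys": 1},
    {"username": "bob", "last_login": "2024-01-15", "access_keys": 2},
    {"username": "carol", "last_login": "2023-11-02", "access_keys": 1},   # left the company
    {"username": "svc-backup", "last_login": None, "access_keys": 1},      # service account
]
CURRENT_STAFF = {"alice", "bob"}             # assumption: fed from the HR system
KNOWN_SERVICE_ACCOUNTS = {"svc-backup"}      # assumption: maintained by the team


def review_access(users, staff, service_accounts, today: date, stale_days: int = 90) -> dict:
    """Classify every account so the review produces an action list, not just a report."""
    report = {"revoke": [], "stale": [], "service": [], "ok": []}
    for u in users:
        name = u["username"]
        if name in service_accounts:
            report["service"].append(name)   # reviewed against its owning system, not HR
            continue
        if name not in staff:
            report["revoke"].append(name)    # no current employee behind this login
            continue
        last = u["last_login"]
        idle = (today - date.fromisoformat(last)).days if last else None
        if idle is None or idle > stale_days:
            report["stale"].append(name)     # unused credentials are doors nobody is watching
        else:
            report["ok"].append(name)
    return report


if __name__ == "__main__":
    result = review_access(CLOUD_USERS, CURRENT_STAFF, KNOWN_SERVICE_ACCOUNTS, date(2024, 6, 1))
    for action, names in result.items():
        print(f"{action}: {', '.join(names) or '-'}")
```

Tying the "revoke" list to the leaver process (HR removes the name, the next review removes the login) is what makes this stick; the script only shows the gap, someone still has to close it.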
If the worst happens and your data is accessed by an unauthorized party, you’ll need to act quickly to minimize the impact on your customers. For example, if the hacker has stolen login credentials for your customers, you could implement an application-wide password reset on all accounts to prevent access. If that’s not an option, you could disable the login function for a period of time while you work on a mitigation strategy. Having all this planned out beforehand is vital.
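Both responses described above, as an added example that is not code from the original post: a global cut-off that treats every password set before the incident as invalid (forcing a reset on all accounts at once, without touching each record), and a kill-switch that disables login entirely while a mitigation is worked out. The in-memory user store, the configuration dictionary and the state names are assumptions of the example; in a real application the two switches would live in shared configuration so every server sees them.

```python
# Added example, not from the original post. Application-wide forced password
# reset via a global cut-off timestamp, plus a login kill-switch.
import hashlib
import hmac
import os

# Assumption: shared config, not module globals, in a real deployment.
STATE = {"credentials_invalid_before": 0.0, "logins_enabled": True}


def hash_password(password: str, salt: bytes = None):
    """Salted PBKDF2; returns (salt, digest) so the salt can be stored with the user."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)
    return salt, digest


class User:
    def __init__(self, username: str, password: str, now: float):
        self.username = username
        self.salt, self.digest = hash_password(password)
        self.password_set_at = now      # compared against the global cut-off at login


def set_password(user: User, new_password: str, now: float) -> None:
    """Called only after the reset link / verified channel has confirmed the user."""
    user.salt, user.digest = hash_password(new_password)
    user.password_set_at = now


def force_global_reset(now: float) -> None:
    """Option 1 from the post: every password set before `now` stops working."""
    STATE["credentials_invalid_before"] = now


def disable_logins() -> None:
    """Option 2 from the post: nobody logs in until the switch is flipped back."""
    STATE["logins_enabled"] = False


def enable_logins() -> None:
    STATE["logins_enabled"] = True


def login(user: User, password: str, now: float) -> str:
    """Returns one of: logins_disabled, reset_required, ok, bad_password."""
    if not STATE["logins_enabled"]:
        return "logins_disabled"
    if user.password_set_at < STATE["credentials_invalid_before"]:
        return "reset_required"         # even the right password is refused
    _, digest = hash_password(password, user.salt)
    if hmac.compare_digest(digest, user.digest):
        return "ok"
    return "bad_password"


if __name__ == "__main__":
    u = User("alice", "correct horse", now=1000.0)
    print(login(u, "correct horse", now=1001.0))     # ok
    force_global_reset(now=2000.0)
    print(login(u, "correct horse", now=2001.0))     # reset_required
    set_password(u, "new battery staple", now=2002.0)
    print(login(u, "new battery staple", now=2003.0))  # ok
```

The cut-off approach is what makes "reset everything" practical at 3 a.m.: it is one value to change and it takes effect on the next login, instead of a job that rewrites every account row while the attacker may still be active.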