SECURITY FOR THE MIDMARKET
Data protection strategies: Take steps to protect customer information
Michael Gregg, Contributor
12.17.2004
Rating: -3.35- (out of 5)
|
Businesses are increasingly tasked with processing more and more electronic information. This can be especially burdensome for small and medium-sized businesses (SMBs) because of their size and manpower. If their data protection strategies fail, they may be just one click away from disaster. It's a valid possibility that the organization could be held liable if personal data is disclosed to an unauthorized person. The business could also suffer the loss of customers, revenue and reputation.
Most organizations want to do the right thing and are interested in proper controls. Some may just feel overwhelmed by the day-to-day demands of business. A survey performed by CIO magazine found that 14% of respondents said their company had not taken any steps to protect customer information. If you are one of that 14%, take a look at these five basic steps to help get your data protection strategies off on a proactive footing:
- Review state and local laws: First examine any state or federal data protection laws that your organization may be subject to and make sure you are compliant. Some states, such as California, have strict privacy laws dictating businesses responsibilities while in position of customer information. More than 450 privacy-related bills have been introduced in state legislatures in just the last several years.
- Create a privacy policy: SMBs should develop policies that dictate how to protect customer information. These policies should detail what information is protected and be written in simple language that can be easily understood by customers.
- Implement technology to protect the information: Make a solid data protection effort. Policies mean nothing unless organizations actually follow up and implement security controls. A commitment to data privacy means the organization has expended the funds necessary to adequately secure the data.
- Educate and train employees on the privacy policy: Training is the lifeblood of any policy change. Don't expect employees to understand change unless they are informed and made aware of its importance.
- Publicly post the privacy policy: The policy should be accessible by the organization's customers. Customers are the lifeblood of any business. They should know what steps the business is taking to protect their personal information including: name, address, credit card number, etc.
Customer data is a valuable corporate asset and as such deserves a sufficient level of protection. Customers expect steps to be taken to protect their personal information. In doing so, you are not only meeting expectations but also placing yourself ahead of the competition. If this is something that your organization has put off, now is the time.
Michael Gregg has been involved in IT and network security for more than 15 years. His current responsibilities include performing security assessments and evaluations for corporate and government entities. He has served as the developer of high-level security classes, contributed to several books and study guides and has taught classes for many fortune 500 companies. To comment on this story, email editor@searchcio-midmarket.com.
|
|
Rate this Tip
|
To rate tips, you must be a member of SearchCIO-Midmarket.com.
Register now
to start rating these tips. Log in if you are already a member.
|
DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.
|
|
|
|
|
|
|
