Banks, investment firms, online stores, doctors offices, and lawyers — pretty much any business is going to have some measure of access to their clients’ personal information. This could cover anything from blood type and STD status to credit card information and bank details. How do you assure your clients that their data is safe, and as a company, maintain this assurance?
Here are some of the ways you can protect your clients’ personal information.
For Statistical Purposes Only
Many advertising firms offer to buy client data from other companies, supposedly to get a better idea of their target market and better advertise their product. If you buy this ruse and sell your clients’ data, and they find themselves getting targeted email advertisements, you’re likely at fault. Handing over unfiltered data to another company is unethical, especially if your clients are unaware.
If you do release any data, it should be anonymous — don’t give out any contact info, it should be pure statistics. There’s nothing that says you can’t reveal that 75% of your clientele are male, or that 53% are white, but never give names, locations or contacts. The hassle, loss of reputation and legal fees when your clients find out who’s been giving away their personal information won’t be worth it.
Your own employees
Even when you know that you can trust your employees not to give away confidential information – caution is best. If you handle sensitive information, particularly finances (accounting and investment firms primarily), have a blanket rule on no work being taken home. Documents have the potential to go astray, and computers can be stolen or hacked on unsecured networks. If there are still urgent things to be taken care of at the end of the work day, stay at the office another hour.
Storing and Sending Data
Make sure data that is stored and sent is done so securely. All emails containing personal information should be encrypted. To minimize the risk to data, use a virtual data room. It’s a safe way to store and send data, without the worry that it may be accessed by a third party. In addition, cloud storage in a virtual data room eliminates the need for a physical data room while protecting data in the event of fire or water damage to your premises.
If your company has offices in multiple locations, or work does need to be done somewhere other than the office, use a VPN. Virtual Private Networks allow you to access a private network through public networks using encryption, meaning data is a lot safer than it would normally be on a public network.
Data Backup
As important as it is to make sure your clients’ data doesn’t fall into the wrong hands, it’s just as important to make sure you don’t lose data. Having to recapture vast amounts of data will really mess with business and be a hassle for you and your clients. For this reason, you should run regular data backups, preferably on a secure cloud server.
Depending on the type of backup, you shouldn’t really have any problems, but do a test run anyway. Create a file, back it up, then delete it. See if you can retrieve it from your backup, this way you know your backup works, and how to retrieve files should you need to.
Malware Protection
There are hundreds of anti-virus programs on the market, and the free ones are ok for home use, but if you use your computer for work, personal banking, and especially if you run a business that handles other people’s data, it’s worth paying for the premium version. It’s incredibly easy for websites, emails and other programs you install to contain viruses that will either corrupt or steal data, so make sure you have a good antivirus/antimalware program and run regular scans.
Firewalls
Firewalls are similar to antiviruses in that they protect your system, but they are more of a preventative measure. A firewall follows a strict set of security rules to monitor network traffic and determine what applications, programs and websites are allowed to communicate with and make changes to your system, effectively stopping dangerous traffic before it reaches your computer.
Lock Down Your Computers
Aside from software protection — firewalls, VPNs and antivirus, your computers should also be physically protected from data theft. If your company uses laptops, lock them away at night in a safe. For normal desktop computers — and laptops — make sure they’re always turned off at night. A computer has to be on to be accessed remotely, so off is generally safe.
Passwords
Use secure passwords that are changed regularly. A strong password is typically eight or more characters and contains numbers, symbols and upper and lowercase letters. Using the same password multiple times is not secure – once it’s been cracked, anything with the same password is fair game.
Emails
A lot of data will likely be sent between you and your clients via email. Emails with sensitive data should be encrypted, so they can’t be hijacked en route. For attachments – financial statements and other sensitive data – use a password. It’s fairly easy to password protect attachments, both in Microsoft Office and Adobe. Choose a password that you and your client will remember, but that would be difficult for an outsider to guess. This way, if a client’s email is accessed by someone else, or you send the email to the wrong person, any documents are secure.
It may also be worthwhile changing the layout of your email program. It may seem like a simple mistake, but everyone has, at some point, sent an email to the wrong person or hit reply all instead of reply. Move your forward and reply-all buttons away from the reply button to avoid these mess-ups.
Protecting your clients’ data should be one of your highest priorities, whether it’s personal information, financial details or contact info. Don’t give out any details without a client’s express permission and always make sure anyone asking for information is who they say they are, and won’t abuse or sell the information you’ve given them.
