Your web content is extremely valuable. It is more than just customer information and data: it’s hours of your hard work and that of others to create landing pages, blog posts, and other informative content surrounding your website. Photos, pages, posts, email lists, leads, and prospects often reside on your website and in the cloud.
The security of that cloud data is vital. Several of the
Offer Reassurance, But Don’t Brag
“We take web security seriously. We promise to do our best to protect our data and that of our customers.” This is a good statement. It states your concern but doesn’t make boastful claims that may be hard to back up.
“We’re the best at web security. Your data is safer here than anywhere.” Claiming superiority when it comes to security is offering a challenge to hackers, and is also a sure way to disappoint your customers should a data breach occur. A more modest and honest approach is safer and more intelligent in the long run.
There is no Cloud
Much of our web data and online content is secured in “the cloud.” Cloud data is any data that is not stored on your own server and directly secured by your organization. Cloud web services are provided by Amazon, Google, and Microsoft among other companies.
While storing data in the cloud is a fantastic idea, there are rules and guidelines to follow to keep that data secure as well. The cloud is not an ethereal place: in fact, it does not really exist. The cloud is really just someone else’s computer. Just because the data is not on your computer does not mean you are not responsible for keeping it safe. Data security in the cloud is just as essential as internal data security. The following tips will help you ensure your information and content is secure no matter where you store it.
Ownership of Data
Your company owns your data regardless of where you store it. The specific rules and regulations regarding data storage vary according to which country your data is stored in, not the country where you are located.
You may not want to own sensitive information such as customer personal data or credit card numbers. Properly using a cloud service provider can lower your liability and keep that data protected separately.
In the United States, cloud data is subject to the Electronic Communications Privacy Act (ECPA) and Cyber Intelligence Sharing and Protection Act (CISPA). These acts mean you and your cloud provider must comply with their regulations about protecting customer information. If either party fails to follow protocols and there is a data breach, you can be liable for damages.
However, in other countries without such regulations, your data may not be as secure, and law enforcement and government agencies in that country may demand access to your data under their laws.
Control Access to Your Data
While you need to allow a certain amount of access to your data, that access must be carefully monitored and controlled.
When Home Depot suffered a data breach, it occurred through a third party vendor who had access to the data. That connection was hijacked, providing the data thieves with a way in. A similar thing happened to Target. There are several things to keep in mind when sharing data.
- Only provide third-party vendors access to the data they absolutely need to perform whatever tasks they are doing for you.
- Use access control lists to define employee access permissions.
- Encrypt your data.
- Limit physical access to your servers.
Controlling access to your data is a good first step, but it is certainly only a part of your overall plan.
Protect Your Data Internally
The weakest link in your data security is the employee who rarely changes their password, and/or has a weak one.
- Encourage your employees to change passwords often, and create password guidelines.
- Train employees to recognize and respond properly to phishing scams.
- Encrypt your data internally as well.
The key to real data security is to address the weakest points in the first place. Training and mandatory password changes will certainly help mitigate these common issues.
The more of these policies you have in writing the better. The more places your data is backed up locally as well as in the cloud, the less likely you will be to lose it or suffer service interruptions. Redundancy whenever possible is essential.
You should also have a Service Level Agreement (SLA) to prevent common legal problems and to protect you from being liable in the case of acts of God and other events that cannot be prevented.
There is a ton of data out there, and depending on your industry you can gather it from a number of sources. While you may not directly own all of this data, you still need to keep the data you use secure.
Also, if you do choose to share your data with third parties, you are responsible for how much you share with them. A part of protecting yourself is choosing carefully how and what you share.
Demographic data should be anonymized. When sharing the age, race, sex, and other personal information about your customers whether for market research or other purposes, the identity of each individual should not be shared. While this may seem like common sense, often customer data is stolen through third-party shared connections.
Gather only the data you need. While studying the demographics and buying habits of your customers may seem fascinating and is often useful, some data may add no real value to your studies. The more data you gather about your customers, the more you are responsible to protect.
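One way to apply the two points above before a data set goes to a third party, as an added example that is not part of the original article: keep only the fields the recipient needs, drop direct identifiers, generalize age into bands, and withhold any demographic combination shared by fewer than k customers. The field names, the sample records and the threshold k are constructed for illustration.

```python
from collections import Counter

# Constructed sample records; field names are assumptions for this example.
CUSTOMERS = [
    {"name": "A. Lee",   "email": "a@example.com", "age": 34, "sex": "F", "race": "Asian", "spend": 120},
    {"name": "B. Chen",  "email": "b@example.com", "age": 37, "sex": "F", "race": "Asian", "spend": 80},
    {"name": "C. Smith", "email": "c@example.com", "age": 52, "sex": "M", "race": "White", "spend": 45},
    {"name": "D. Jones", "email": "d@example.com", "age": 58, "sex": "M", "race": "White", "spend": 200},
    {"name": "E. Brown", "email": "e@example.com", "age": 71, "sex": "F", "race": "Black", "spend": 60},
]

# Demographic fields that could single a person out when combined.
QUASI_IDENTIFIERS = ("age_band", "sex", "race")
K = 2  # assumed minimum group size; choose it per data set and recipient


def age_band(age, width=10):
    """Generalize an exact age into a band such as '30-39'."""
    low = (age // width) * width
    return f"{low}-{low + width - 1}"


def anonymize(records, k=K):
    """Return (rows safe to share, number of rows suppressed).

    Name, email and exact age never leave this function: each output row
    is built from an explicit allow-list of fields, so a column added to
    the source later is not shared by accident.
    """
    reduced = [
        {"age_band": age_band(r["age"]), "sex": r["sex"],
         "race": r["race"], "spend": r["spend"]}
        for r in records
    ]
    key = lambda row: tuple(row[f] for f in QUASI_IDENTIFIERS)
    group_sizes = Counter(key(row) for row in reduced)
    # Suppress rows whose demographic combination is rarer than k,
    # since a unique combination can identify one individual.
    shared = [row for row in reduced if group_sizes[key(row)] >= k]
    return shared, len(reduced) - len(shared)


if __name__ == "__main__":
    rows, suppressed = anonymize(CUSTOMERS)
    for row in rows:
        print(row)
    print(f"suppressed {suppressed} row(s) below k={K}")
```

A high suppression count is a sign to widen the bands or share aggregate counts instead of rows.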
You and/or your company already have data you have gathered from various sources, and more than likely some of that data is stored in the cloud. Even if you feel iffy about your security policies and how well you are protected now, there are steps you can take to reassure yourself and your customers.
- Analyze where your data is stored, and revisit legal obligations and ownership of data.
- Review who has access to your data and how much. Revise your policies if need be.
- Take steps to ensure your data is protected internally.
- Catalog the data you have gathered about your customers and what data you are currently gathering. Ensure you gather only necessary data.
All data on the internet is hackable, so companies must take responsibility for doing the best they can to protect the data they gather. Disaster can strike anyone, but taking these steps will make it less likely that you and your customers will be victims.