Last month we discussed ways you can protect your own personally identifiable information (PII).  This month we will briefly cover how businesses that collect information about their customers can help safeguard this data to avoid costly data leaks, exposure or loss of data to a third party you may not know or trust.

The security of consumer data has become the number one initiative for many organizations across the country, mostly due to new laws and regulations passed to help protect consumer PII.  Many of us already use anti-virus and firewall programs to help protect our computers, and large companies have highly sophisticated infrastructures in place to keep bad people out.  However, digital security goes far beyond protecting the perimeter of a company’s digital network.

Today companies are required to encrypt certain sensitive information if stored electronically, whether it is credit card information, Social Security numbers, drivers’ licenses, bank account information or other sensitive data.

Credit Cards: If your company collects credit card information online, then you are required by Payment Card Services (PCI) to securely receive the credit card details via an encrypted website, and to encrypt any information stored in a database (without the security code or CVV number, typically the three-digit number on the back of a credit card).  Not adhering to these requirements can be financially devastating to a company.

Social Security Number: Today, 22 states across the country have passed laws to help protect PII for their residents.  CA 1386, the California law enacted in July 2003, requires that any breach or loss of PII be reported and that all potentially affected parties be notified.  Additionally, the organization responsible for the exposed data is required to provide credit-monitoring services to all affected individuals for a full year.  This type of protection will undoubtedly become a federal law in the future.

How do you protect your customer data?

Make sure your website is secured with an SSL certificate if you take credit cards or do sensitive transactions with your customers.  You can easily check if it is secured by going to http://www.escv.com/secure and entering your website to test.

Never send sensitive information in an email.  Email has become a very useful tool in most businesses.  However, it’s not secure.  One email to a customer can travel through dozens, even hundreds, of servers to get to its final destination.  If just one of those servers has been compromised, the sensitive data can easily end up in the wrong hands.

Rob Gardner, founder of Santa Clarita Web Services, has more than 15 years of experience working with computer and web technologies, including information security, regulatory compliance and data loss prevention, for Fortune 500 companies.

If you’re a business owner and have questions about securing your customers’ information or your website, please call Gardner at 661-799-9100 or email rmg@eSCV.com.

Santa Clarita Magazine