How to protect customer data

How to stop customer data leaks

The information that customers entrust to your business must be protected, not only for the sake of your brand and your business's bottom line, but also because any breaches could result in heavy fines.

The Data Protection Act states that businesses must take all possible action to protect the data they collect from customers. This means it's important to understand what level of detail your business can hold on its customers, and how the Data Protection Act impacts this. In essence, your business can only store data for 'fair processing'. In practice, this means your business must:

  • Have legitimate reasons for collecting and using the personal data.
  • Not use the data in ways that have unjustified adverse effects on the individuals concerned.
  • Be open and honest about how you intend to use the data, and give individuals appropriate privacy notices when collecting their personal data.
  • Handle people's personal data only in ways they would reasonably expect.
  • Make sure you do not do anything unlawful with the data.

The Information Commissioner's Office states: "Fairness generally requires you to be transparent – clear and open with individuals about how their information will be used. Transparency is always important, but especially so in situations where individuals have a choice about whether they wish to enter into a relationship with you. Assessing whether information is being processed fairly depends partly on how it is obtained. In particular, if anyone is deceived or misled when the information is obtained, then this is unlikely to be fair."

Protecting against data attacks

Data in your business can be compromised in a number of ways including:

  • Exposure of sensitive data by employees either intentionally or unintentionally.
  • Virus and malware attacks.
  • Data removed from secure premises then lost or stolen.
  • Data lost in transit due to no, or poor levels of, security.

Your business isn't powerless to act when faced with what can be prolonged attacks on its systems to reveal sensitive customer data. Follow these steps to ensure your customers' information is always safe and secure:

  1. Keep all of your IT systems' anti-virus and firewall protection up-to-date.
  2. Educate your staff about good data security policy, which means locking computers when not in use.
  3. Prevent sensitive customer data from being removed from your secure premises on removable media such as USB drives.
  4. Ensure that mobile devices such as smartphones and tablet PCs use secure connections – such as a VPN (Virtual Private Network) – when they connect with your servers to access customer data.
  5. Be aware of any data that is contained on obsolete IT equipment. Did you wipe the hard drives of any PC your business has disposed of?
  6. It is vital to back up customer data on a regular basis. Using an off-site data backup service can provide a level of redundancy that allows your business to protect customer data as part of its contingency planning.

Developing a security strategy for your business

For small businesses in particular, the customer data they hold can be their most precious commodity. Customers entrust their personal data, such as payment details, to your business. If your business can illustrate that it has the systems in place to protect that information, it will become a destination with which customers develop a long-term commercial relationship.

Cisco offers this advice about how to holistically approach your business's data protection:

"When dealing with something as invaluable as customer data, think about creating a unified strategy that incorporates the network, people, and tools. Security is like a chain: It is only as strong as its weakest link. Do not be tempted by a piecemeal approach. Instead, create a single, integrated strategy that focuses on return on value rather than return on investment. It helps to work with trusted vendors that can provide end-to-end security, from the network foundation to the most remote laptop. You should also find the right balance between security and usability."

The advice to all businesses is clear: they must have a robust and detailed data security policy that is business-wide and is communicated to everyone within the company. Malicious attacks on sensitive data are a fact of life in a modern digital enterprise. But what is also clear is that your business can take steps to minimise these attacks and protect the information that your customers have entrusted to your enterprise.
