Protect Your Customer Data
Joern shows you how to cover your security bases -- and keep your customers happy.
One of the most challenging tasks facing businesses today is protecting customer
data. Identity theft cases and high profile data privacy breaches fill the headlines,
which only underscores how essential it is to keep your customers' data private
A few years ago, Oracle Corp. CEO Larry Ellison proclaimed that "privacy...is
largely an illusion." These days, that sentiment doesn't go over well with
consumers, who are increasingly sensitive about the security of their personal
data. Before long, companies that don't take steps to safeguard their customers'
data won't have any customers to worry about.
If your business revolves around collecting and maintaining customer data,
such as names, e-mail addresses, credit card numbers or any other potentially
sensitive data, then safeguarding the privacy of that data is essential to your
company's continued existence. Accidental disclosure of data that hasn't been
properly safeguarded is a disaster on many different levels -- financial, customer
trust and quite possibly legal ramifications.
Most organizations are required by law to inform customers when their personal
information is compromised. Consider the cost of not being careful with names,
addresses, credit card numbers and other customer data. Research firm Gartner
Inc. estimates that an average data breach costs $140 per affected customer.
This includes direct costs like legal fees and the cost of notifying customers,
as well as indirect costs like losing customers and employee productivity. While
the impact on your bottom line may not equal that experienced by The TJX Companies
Inc., which recently admitted that data for more than 45 million customers was
stolen from their servers, any theft of customer data is bound to be more expensive
than you dare to imagine.
A good starting point for protecting customer data is to establish and enforce
posted on Web sites. Customers are also becoming increasingly sophisticated
about analyzing policies and determining how they will affect the security of
their personal data.
how long you need to keep this data, under what circumstances you may share
the data with others and how you safeguard this information. A good policy also
describes how your company protects customers, rather than merely justifying
overzealous data collection.
used by ING Direct. The bank clearly lists four principles of data collection
and use and then explains what each of these principles mean. ING Direct's policy
identifies what data it maintains, the limited conditions under which it will
share customer data with third parties and what happens to your data when you're
no longer a customer. The policy is easy to understand and demonstrates that
the company is concerned with privacy.
Unfortunately, you can also find many examples of meaningless privacy policies.
You don't have to search for long to find companies that essentially state that
they may use all information they collect as they see fit, including sharing
this information with third parties for advertising purposes.
There's a trend to have privacy promises made meaningless by stating that a
company reserves the right to change its policy at any time without notifying
customers of such changes. Lawyers may advise you to include such a statement
in your policy, but you should look for more customer-friendly alternatives.
but it's supported by a pledge to always protect any data according to the privacy
policy in effect when the customer initially supplied the information.
What Do You Need To Know?
As you're evaluating your data collection policies, carefully consider what
you really need to know to run your business. This starts with basic demographic
information. If you're a software vendor who offers trial software for download,
you may require visitors to your Web site to fill out a form before they can
initiate the download. Many such forms ask new customers for their name, address,
phone number, e-mail address, job role, nature of their business and more.
Some of this information is collected in order to contact the prospective customer.
Other times, the reason for collecting it is simply that someone thought it
would be nice to know as much about prospective customers as possible. Is it
really useful, though, to know someone's address if you don't plan to send them
any mail? Does gathering statistics about your Web site visitors outweigh the
risk of annoying potential customers who may feel they're being asked to provide
too much information?
As you're evaluating what to collect, take a long, hard look at whether you
really need the information. Collecting unnecessary information doesn't just
annoy customers, it also leads to clutter that can make it much more difficult
to safeguard the data.
How Long Do You Need It?
When dealing with your own personal data, there's probably no harm in keeping
it around forever. Doing the same for business data can be problematic. Sure,
there are good reasons to have a data retention policy. Long-term archiving
of certain data can even be a legal requirement in some industries. However,
this shouldn't be the default. If you delete data you won't need in the future,
you won't have to worry about the consequences if it's compromised.
For example, most businesses have no need to store a credit card number after
processing a credit card transaction. Deleting this information from your servers
quickly and consistently will spare you the agony of reading in the press that
someone stole thousands of credit card numbers from your servers.
Where Should You Keep It?
Most businesses provide their customers with Web forms to enter information
about themselves, whether this is an e-mail address or a Social Security number.
Just because you need to collect this information with a server that's on the
Internet doesn't mean that same server that holds the data should also be accessible
from the Internet. Fortunately, most businesses place their database servers
on a separate network, so that hackers can't get at them directly.
In many cases, however, the same Web servers used for data entry are used to
retrieve information from the database server. This renders isolation to a different
network useless. Such bad network design is often the result of taking shortcuts,
not paying attention to how data is used or analyzing the value of the data.
Even if you think your databases aren't accessible, they may become so inad-vertently.
One of the most common vulnerabilities on Web servers is SQL injection. This
type of attack puts a SQL query into a form field instead of the expected data,
like an e-mail address.
If your Web application doesn't carefully check that any entered data is not
really a SQL command before it's passed on to your database server, you may
let a hacker get to any information he wants in your database. The only defense
against such attacks is careful Web application design to ensure that all data
entered by users is indeed valid.
Can They Take It With Them?
Whenever you're storing customer data, you should be concerned about which employees
have access to this data. After all, statistics consistently show that the majority
of data theft is performed by insiders. Even if all your employees are trustworthy,
it's not uncommon for someone to lose a laptop or removable storage containing
Trying to protect against data disclosure by employees exposes an unfortunate
dilemma. Employees, such as those in a customer service department, need to
have access to the data you maintain to perform their jobs. You also have to
ensure that they can't steal this data. There's no absolute protection against
data disclosure or data theft by someone who has access to the data, but there
are easy methods to mitigate the risk.
If you make sure employees can only view a single customer record at a time,
you can at least prevent someone from taking a large number of customer records
with them. You can also restrict the use of mobile storage to prevent someone
from easily carrying data out the door. You can also purchase software to enforce
encryption of all confidential data that is legitimately taken off your premises.
The Simple Things
Preserving your customers' privacy and safeguarding customer data is a complex
task. It includes business analysis, Web design, database administration, network
access control and much more. This may seem like a daunting task, but you can
address many problems by implementing a few of the simple principles described
Keep your customers' privacy concerns in mind, store only the data you need,
and provide access to customer data only to the extent required to run your
business. This creates a foundation for designing secure Web applications and
networks. The result will be more secure and easier to manage.