Wednesday, July 27, 2011

Four Ways to Protect Customer Data
 
The massive data breach at Epsilon has everyone thinking about ways to secure customer data. According to Kevin Skurski, security begins with knowing just how much information you have. "Customers' contact lists often contain much more than email addresses," he writes at the Bronto blog. "Be aware of what data you are storing on whatever email marketing platform you are using—in particular, avoid including very sensitive pieces of data like credit card numbers and Social Security numbers for your contacts."
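The inventory step Skurski describes can be run against a contact-list export before it is uploaded to an email marketing platform. The following Python script is an added example, not code from Bronto or the original post; the CSV layout, column names and sample rows are constructed for illustration.

```python
import csv
import io
import re

# Constructed sample export: column names and values are made up for this example.
SAMPLE_EXPORT = """email,first_name,notes,member_id
ann@example.com,Ann,card 4111 1111 1111 1111 exp 09/12,1001
bob@example.com,Bob,prefers weekly digest,1002
cho@example.com,Cho,SSN 123-45-6789 on file,1003
dee@example.com,Dee,order 1234 5678 9012 3456 shipped,1004
"""

# 13-19 digits, optionally separated by spaces or dashes (candidate card numbers).
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")
# US SSN in NNN-NN-NNNN form, skipping area/group/serial values that are never issued.
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")


def luhn_ok(digits: str) -> bool:
    """Return True when the digit string passes the Luhn checksum used by payment cards."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit, counting from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def audit_contacts(csv_text: str):
    """Return (row_number, column, kind) for each cell that looks like a card number or SSN."""
    findings = []
    reader = csv.DictReader(io.StringIO(csv_text))
    for row_num, row in enumerate(reader, start=2):  # row 1 is the header
        for column, value in row.items():
            if not isinstance(value, str):
                continue  # short or overlong rows produce non-string cells
            for match in CARD_RE.finditer(value):
                digits = re.sub(r"\D", "", match.group())
                # The Luhn check filters out order numbers and other long digit runs.
                if luhn_ok(digits):
                    findings.append((row_num, column, "card_number"))
            if SSN_RE.search(value):
                findings.append((row_num, column, "ssn"))
    return findings


if __name__ == "__main__":
    for row_num, column, kind in audit_contacts(SAMPLE_EXPORT):
        print(f"row {row_num}, column {column!r}: possible {kind}")
```

Free-text columns such as notes fields are where sensitive values tend to hide, so the scan covers every cell rather than only columns with suspicious names.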

Skurski offers more advice—like this: 
 
Be vigilant about passwords. "Most intrusions happen through the front door versus technical back doors," he notes. "Your password is often the front door key so it is best to have a strong password and change it periodically." You can also set expiration dates on passwords, and enforce password histories so users can't toggle between the same few open sesames.

Be strict about employee access. Don't give anyone permissions unrelated to their role. "When someone no longer needs access, delete that user," he advises. "Shared user accounts and passwords are inherently insecure and a cause for break-ins."

Be just as strict about remote access. Allow only your company's IP address to reach sensitive information. "Will this be inconvenient when you try to sign into your account from home or on the road?" he says. "Yes, but a secure office would have a VPN to let you securely access the Internet through your work network."

Be hyper-aware of phishing attempts. As phishers become more savvy, their emails look more credible. Check URLs closely, and if you're even slightly suspicious, skip the link and go directly to the company's website to look for the download.

Conclusion: Run a tight ship. Don't compromise your customer data by treating it casually; with the right safeguards, you can avoid an Epsilon-style disaster.
