
Protect customer data

How to guard important information

Facts and figures

Another month, another stolen laptop or hacked website. Every time, thousands of people are exposed to the risk of identity theft. This is bad for them, but it's also bad for the companies that are responsible. Reputations suffer, clients leave, and careers crash and burn.

There are legal risks too. One of the eight principles of the Data Protection Act is that personal information must be 'secure'. Reckless disclosure is a criminal offence.

On top of all that, imagine if your competitors got hold of your precious client lists and contact details. Or a disgruntled employee was able to sabotage or steal your data.

Whether you use Excel, Business Contact Manager or Microsoft CRM, making sure your customer data is safe is not an abstract concern for the geeks in the IT department. It is a board-level business issue.

Guard your data

Follow the data. Where does it come into your business? Who has access to it? Where is it stored? Where is it backed up? How is it archived? Track your data through the business to see where weak points occur.

Control access. You need to operate a 'need to know' policy on customer data. Few people need access to everything on your company servers - and anyone who does needs to be carefully vetted - so make sure your databases and servers restrict access by role.

Watch your website. According to the DTI's latest security breaches survey, a third of ecommerce websites don't encrypt customer data. Evil hackers and criminals don't even need to leave home to attack your website - don't make it easy for them. Get your website tested and locked down.

Don't forget the basics. According to Symantec's latest threat report, 30 of the top 50 malicious code samples exposed confidential information. Spyware and viruses are the easiest way for bad guys to get into

Back up your backups. Offsite backups are a necessity, but make sure that the data on your backup tapes is encrypted and that you find a reputable firm to store it.

Don't forget the human dimension. Policies and training are important. Too many security policies make perfect sense to HR lawyers and IT people but not to the people who are supposed to follow them. The best possible policy isn't going to deter a ne'er-do-well, so you also need to be careful with recruitment - take up references, for example - and remember to 'shut the door' on leavers by deleting all their user accounts as soon as they leave.

Finally, make sure you ask smart questions. Here are twelve simple questions to ask your IT department and suppliers. Don't be fobbed off with technospeak.

What next?


Matthew writes a new column every fortnight. Subscribe and get each edition direct to your inbox.
