BreachExchange mailing list archives

How to Guard against Customer Data Theft as One Way to Provide Better Service


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Tue, 21 Jul 2015 09:02:38 -0600

https://smallbusiness.yahoo.com/advisor/post/124386437687/names-addresses-phone-numbers-and-even-social

Names, addresses, phone numbers, and even social security numbers. This is
just a small list of the customer information employees have access to on a
daily basis. On one end, this information is used to provide safety and
security for customers and their accounts. On the other, it can be used to
commit identity theft and fraud, costing millions in losses. One recent
study estimates that 43 percent of businesses suffered a data breach in
2014. In order to provide customers with the safest and most positive
experience, of course strong computer systems with solid firewalls are
imperative. But, in addition to this, it is important that your employees
understand the responsibilities of their position as privacy guardians.
Minimize the likelihood of client data theft by implementing the following
procedures.

Proper training

One of the easiest ways to minimize the risk of customer data being
compromised is through adequate employee training. Employees need to
recognize the value of protecting their clients’ information. In addition
to offering friendly and efficient interactions, your team must understand
their role in keeping client data safe and secure. This comes from the
careful instruction, implementation, and evaluation of security and privacy
policies and practices. Also, collect feedback from employees on the
training you already offer. See what employees have to say about their
experience with policy and procedural training, and use their advice to
enhance your program.

Controls

Having internal controls in place creates an environment where the chances
of employee impropriety are minimized and customer data is kept secure.
Create processes to limit the amount of access employees have to customer
data to only what they need to complete their tasks. If the specific
customer data required varies between departments, implement systems of
control that will ensure each employee only has access to the specific
information they need rather than everything the company has on file. Keep
sensitive files and check stock secured and monitor the assignment of keys.
Observing these business practices will minimize the risk of controllable
losses, and you will better protect your customers’ identities, ensuring
their continued loyalty and trust.

Employee Screening

Before your customer meets an employee, you need to know who you are
placing in front of them. Carrying out a comprehensive background check on
potential hires is another way to keep your customers’ data secure. The
process begins with identity verification and moves through motor vehicle
and criminal records as well as education and employment verification.
Employee screening also benefits the efficiency of the office since you
will more effectively zero in on qualified candidates for the positions you
need to fill. This may seem like an obvious step, but it is one that should
be taken seriously when building trust within your organization. Many of
your associates are on the front lines of customer service; promote safety
and security by understanding their various backgrounds. Furthermore,
customers appreciate professional service and the customer experience is
enhanced when they have a certain level of comfort knowing that the
information they share will be in safe hands. Proper employee screening
will help to weed out potential hires who won’t operate with the level of
professionalism your customers expect and deserve.

Good customer service includes protecting sensitive data. Your enterprise
should be communicating what steps they are taking in order to maintain
privacy and identity security. We are each customers ourselves. Don’t we
want the same comfort that comes with knowing our information is in the
right hands? The proper training, internal controls, and employee screening
guard against potential losses and provide clients with optimal service.

Educate Your Customers

Checks and balances and controls and screenings are only a part of the
equation when keeping your customer information safe.  The other key
component is your customers and educating them on their role in keeping
their information safe.  This includes making sure they know to only share
Tax ID Numbers and account numbers on a ‘need to know’ basis. It also means
NEVER sharing Personal Identification Numbers or passwords.  This includes
not writing them down in conspicuous places, making them strong with a
combination of upper-case and lower-case letters plus numbers, and changing
them every few months.  Customers need to understand what circumstances
call for sharing their information, who would ask for it, and why.  Helping
customers understand phishing attempts on-line or via phone is important.
Encouraging customers to check their credit report at least annually is a
good safeguard to ensure no one is using the customer’s identity.  Take the
time to educate your customers by providing printed information on these
and other precautions.  It will go a long way towards keeping the customer
safe.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 
