As Canadian companies of all sizes continue to grow and compete in the global economy, they must also make serious considerations and investments when it comes to protecting their customers’ private information. Against the backdrop of recent data breaches such as the ones experienced by Target and eBay, corporate leaders must take data security seriously, not only as a measure of successful business practices and corporate reputation, but also to comply with government regulatory requirements.
The Personal Information Protection and Electronic Documents Act ("PIPEDA") governs the topic of data privacy, and how private-sector companies can collect, use and disclose personal information. Organizations must follow a code for protecting a customer's personal information, and part of the code is safeguards and fair business practices when it comes to securing that data.
Cyber security threats are real and increasing at an alarming rate. According to a recent report, 45 per cent of data thefts in 2013 involved confidential, non-payment card data such as financial credentials, personally identifiable information and customer records. That’s an increase of 33 per cent from 2012. Canada is currently sixth globally when ranking the top 10 victim locations, which illustrates the need for companies to protect their customer data from cyber intrusions such as malware, user accident and software application vulnerabilities to name just a few.
To that end, here are ten easy-to-implement tips to help secure customer data:
1. Encryption is key. Encryption software uses mathematical algorithms to protect information and it's considered an effective tool to help protect customer data. There are lots of options available for every size of business from full-disk encryption to individual file encryption.
2. Mobile device passwords. This seems pretty basic but many people don’t use the password-lock function on their home screen. Make it a corporate policy that employees need to password protect their mobile devices.
3. Download remote locators for mobile devices. In the unfortunate event that a device goes missing or is stolen, protect data in advance by downloading and registering your smartphone with a remote locator application so you can track it down.
4. Ensure devices have remove data destruction capabilities. Various reports cite more than 50 per cent of mobile computers contain customer information that needs to be kept secure. Software can be installed on mobile devices that wipe data remotely in the event it’s been stolen or lost to prevent it from falling into the wrong hands.
5. Avoid public networks. Free wi-fi is both a blessing and a curse. Although it’s an easy way to save on data charges, many public networks are not secure which makes it easy for hackers to gain access not only to the device but potentially to the corporate network. If employees must connect using a public WiFi network, make sure it’s password protected and try to only use encrypted websites.
6. Prioritize technology investments. Cyber threats evolve and multiply every year as criminals become more sophisticated at penetrating corporate networks. At the same time, hardware and software providers evolve their products and services in order to supply the most effective ways to combat security breaches, so making the decision to keep technology investment to stay current is increasingly important to modern business leaders who want to succeed.
7. Consider outsourcing. Especially in small to mid-sized companies who don’t have internal IT resources, consider making the investment to outsource data security to a partner who can provide the most up-to-date hardware and software available.
8. Keep software upgraded. The creators of your smartphone’s operating system are constantly improving and adjusting the platform for optimal performance. Keep your software updated so you can benefit from the latest technology they have created for your device.
9. Keeping your organization informed. Communication and information about your companies data security efforts and privacy expectations shouldn’t be confined to the IT department. The deployment process affects an entire organization, and it’s critical to ensure all employees are well-informed.
10. Consider biometrics. One of the obstacles of effective data security is motivating employees to adhere to privacy policies. Voice biometrics, or authenticating users by their voice, delivers highly-secure and more convenient authentication than passwords, security questions, and PINs.
Amanda Traynor is a senior vice-president at VoiceTrust, a Canadian-based developer of voice biometric solutions that enable highly secure, authentication-based transactions for industries around the globe.