If You Collect It, Protect It

Derek Holmes

Are you protecting your customers’ data? Do you know what data is being collected, who has access to it, and how they’re using it?

When you collect data from your customers, you take on the obligation of protecting that data. Think of all the recent headlines around data breaches. Think of the costs, the lawsuits, and the penalties being levied against the organizations that were breached. And think of the damage to their reputations and the potential harm to their consumers.

Protecting customer data is serious business. If you collect data from your customers, you need to protect it. The risks to your customer data are very real. That data has real-world value to those who are targeting it—hackers, scammers, and social engineers—and they are all clamoring to get a piece of what you have, for their own use or to sell to others.

Who Protects the Data?

So the first order of business is: who is going to protect the data? Ultimately, everyone should play a part in your data’s security, but it should be the role of at least one individual to be thinking about security, what needs to be protected, and how that data is going to be protected.

What Data Is Collected?

Consider what data you need to collect, and then collect only what you need. If the data doesn’t have a valid business function, then why take on the risk? Keep only the data that you need, and have a retention plan in place for how long to keep it. Remember that you’re going to need to protect that data. And if you can’t protect it, then you shouldn’t collect it.

How Are You Protecting It?

Protecting customer data is serious business and should be at the forefront of your security concerns. There are lots of risks to that data, and you are obligated to protect it. Take that obligation seriously and make sure it’s someone’s role to focus on security and protecting your customers’ data as well as your own. Create a new role if necessary. As part of your protection, make sure you understand the data you have collected, how to classify it, and what mechanisms are required to protect it. If you’re unsure how to protect it, reach out and get advice from the experts.

Make sure you’re using the right technology to protect that data. Use secure applications where possible, control who has access to the data, and encrypt the data while at rest. Keep security in the minds of all your coworkers. Provide them with the tools and training necessary to protect that information at all levels and develop a company culture that places security high amongst its concerns. For more information, see the Federal Trade Commission’s guidance for protecting personal information.

Derek Holmes is a Senior Systems Engineer for TSG Security at Connection. His area of knowledge includes Network and Systems Architecture Design, Network Access Control and Policy Enforcement, VMware virtualization and Virtual Desktop Infrastructure solutions, and product and service delivery. Derek is also a Cisco Certified Network Associate and has CompTIA Security+ and VMware VCP5-DV certification. In his spare time, Derek is a big fan of science fiction and fantasy in all its myriad forms and enjoys spending his free time with his family and pets.