Make sure your business meets the Data Protection Act requirements for keeping customer data safe. Here’s our guide to the simple steps you can take to safeguard customer data.
1. Keep tabs on where customer data is stored
Adopt a clear, consistent policy for how your business stores customer data. Data should be stored in one central location with a regular backup schedule in place. Make sure that your employees do not save customer data on individual or personal PCs or mobile phones. If storing customer data on external hard drives or servers, these should be stored in a cool, dry room with secure locks to prevent theft. If storing data using cloud-based services such as on Google Drive, ensure you use secure passwords on your accounts and your wi-fi network. All confidential data should be encrypted too.
2. Limit employees who can access data
Allow only authorized access to customer data and ensure data is regularly backed up in case it is deleted or changed by staff. Set secure logins with passwords for servers and computers, with different access levels for staff to ensure minimal access to critical data. Strong passwords – with a mix of capital and lower case letters, characters and symbols should be used and changed monthly. Educate staff on the importance of keeping data safe and the potential risks from hackers or malicious software.
3. Install security software
Ensure your security is up-to-date and install anti-malware software and spyware protection to prevent hackers from accessing customer data. Set anti-virus software to perform daily scans for viruses that could erase your data or copy it and send it elsewhere. Only open emails from known senders and be cautious of suspicious web sites – if possible, limit access to web sites for staff using office equipment.
Firewalls are important to protect data from hackers. Newer Mac and Windows computers include firewalls, but make sure these are turned on. As your business grows, consider buying hardware-based firewalls, which are installed in office routers to prevent hackers getting onto company networks. Hardware firewalls are useful for protecting a network of computers that share the same network.
4. Regularly back up customer data
Storing data is only one place means files can be permanently lost, so back up your data regularly. Use a mix of strategies for backing up all your data, with more regular incremental backups that store only changed information. External drives such as CD, DVD and external hard drives can be used to store data, but have the potential to be stolen or break over time. Store backups off-site in the case of office disaster such as flood or fire. You can also back up data to cloud-based services such as DropBox, but be sure to ensure to encrypt any data stored with a third-party company.
5. Limit data transfers
Customer data is vulnerable to being stolen or hacked when shared or moved. Consider whether you’ll be transferring customer files physically (such as on a memory stick) or electronically (such as via email or streaming). Memory sticks are easy to lose, so transferring over a secure internet connection may be safer – although emailing customer data, even if protected by a password, is not considered safe as emails generally are unencrypted and so are easy to hack. Encrypt data before transferring and enable email protocols such as SSL and IPSec.
Thinking of starting a business? Check out our free online courses in partnership with the Open University on being an entrepreneur.
Our free Learn with Start Up Loans courses opens in new window include:
- Entrepreneurship – from ideas to reality
- First steps in innovation and entrepreneurship opens in new window
- Entrepreneurial behaviour opens in new window
Plus free courses on finance and accounting, project management, and leadership.
Reference to any organisation, business and event on this page does not constitute an endorsement or recommendation from the British Business Bank or the UK Government. Whilst we make reasonable efforts to keep the information on this page up to date, we do not guarantee or warrant (implied or otherwise) that it is current, accurate or complete. The information is intended for general information purposes only and does not take into account your personal situation, nor does it constitute legal, financial, tax or other professional advice. You should always consider whether the information is applicable to your particular circumstances and, where appropriate, seek professional or specialist advice or support.