Your business may hold customers’ personal information. This information could include details about customers’:
- racial or ethnic origin;
- political opinions;
- religious beliefs;
- sexual orientation; and
- criminal record.
Therefore, you need to have adequate security measures in place to ensure this personal information is protected. At a minimum, you should have industry-standard security measures. This article focuses on three approaches you can take to ensure you have an adequate level of security to protect your customers’ personal information.
1. Choose a Reliable Hosting Provider
When storing customer information in the cloud, it is crucial you choose a reliable hosting provider. Specifically, you should look for a provider that takes security seriously and is willing to work with you to protect your customers’ personal information. You should also ensure that the provider proactively responds to data breaches.
When considering a hosting provider, there are a number of matters to consider.
Does the Hosting Provider Monitor the Network?
If your hosting provider regularly monitors its network, the chances of your customer information being protected are much higher. This is because the provider does not have to wait until a customer complains that the servers are down before taking action.
Servers can go down as a result of a number of types of attacks, such as:
- denial of service;
- phishing; and
A hosting provider that monitors the network can actively identify these types of activities. It is also likely to be fighting the intrusion before it affects customer data.
Does the Hosting Provider have Denial of Service Prevention?
Your hosting provider should also have distributed denial of service (DDoS) prevention measures in place. Monitoring alone is of little use if the provider has no way of stopping an attack or breach once it is detected.
A DDoS attack floods a website with thousands, sometimes millions, of requests. A surge of this size can also happen legitimately, for example when thousands of users try to access a website at the same time. In a DDoS attack, however, a malicious actor generates the requests artificially, from many sources at once, until the site can no longer serve genuine visitors. Therefore, your hosting provider needs to have measures in place to prevent or limit the damage caused by a DDoS attack.
DDoS prevention is important because DDoS can leave:
- your website or information unavailable; and
- customer information exposed and easily stolen, while the system is down.
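The usual first line of limiting the damage described above is per-client rate limiting at the hosting provider’s edge: each client gets a fixed budget of requests per time window, and requests beyond that budget are rejected while genuine visitors are unaffected. The example below is added here to illustrate that mechanism; it is not code from the original article or from any particular hosting provider. The request log, IP addresses and the 60-requests-per-second limit are all constructed for the illustration.

```python
from collections import defaultdict, deque

# Constructed sample log: (timestamp_ms, client_ip) pairs as an edge proxy
# would see them. One client sends 300 requests in 3 seconds (a flood);
# the other two browse normally. Timestamps are integers to keep the
# window arithmetic exact.
SAMPLE_REQUESTS = (
    [(i * 10, "203.0.113.5") for i in range(300)]          # 300 req / 3 s
    + [(500, "198.51.100.7"), (1200, "198.51.100.7"), (2900, "198.51.100.7")]
    + [(1000, "192.0.2.9"), (2000, "192.0.2.9")]
)


class SlidingWindowLimiter:
    """Per-client sliding-window rate limiter.

    Allows at most `limit` requests per client within any `window_ms`
    milliseconds. Requests over the budget are rejected (an edge would
    answer HTTP 429) but still counted, so the flood shows up in the
    provider's monitoring rather than silently disappearing.
    """

    def __init__(self, limit: int, window_ms: int):
        self.limit = limit
        self.window_ms = window_ms
        self._accepted = defaultdict(deque)   # ip -> timestamps of accepted requests
        self.rejected = defaultdict(int)      # ip -> number of rejected requests

    def allow(self, ts: int, ip: str) -> bool:
        q = self._accepted[ip]
        # Forget accepted requests that have slid out of the window.
        while q and ts - q[0] >= self.window_ms:
            q.popleft()
        if len(q) >= self.limit:
            self.rejected[ip] += 1
            return False
        q.append(ts)
        return True


def replay(requests, limit: int = 60, window_ms: int = 1000):
    """Replay a request log in time order.

    Returns two dicts: accepted requests per IP and rejected requests per IP.
    Genuine low-volume clients never appear in the rejected dict.
    """
    limiter = SlidingWindowLimiter(limit, window_ms)
    accepted = defaultdict(int)
    for ts, ip in sorted(requests):
        if limiter.allow(ts, ip):
            accepted[ip] += 1
    return dict(accepted), dict(limiter.rejected)


def flood_sources(rejected: dict, threshold: int = 100):
    """IPs whose rejected-request count exceeds `threshold`, for follow-up."""
    return sorted(ip for ip, n in rejected.items() if n > threshold)


if __name__ == "__main__":
    acc, rej = replay(SAMPLE_REQUESTS)
    print("accepted per IP:", acc)
    print("rejected per IP:", rej)
    print("suspected flood sources:", flood_sources(rej))
```

With the constructed log, the flooding client is held to 60 accepted requests per second (180 of its 300 requests get through, 120 are rejected), while the two ordinary clients have every request accepted. A real provider layers this with upstream filtering and capacity, but the principle, budget per client and reject the excess, is the same.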
Does the Hosting Provider Have Secure Sockets Layer?
If your customers are entering sensitive data, such as credit card and bank details or health information, then your hosting provider should support secure sockets layer (SSL), today implemented by its successor TLS but still commonly called SSL. This is crucial to protect their personal information.
You might recognise an SSL certificate by the little lock that appears in your browser’s address bar and the ‘s’ in ‘https’. The certificate lets a customer’s browser verify that it is talking to your website and encrypts the connection between the two. Therefore, a customer’s personal information is protected from eavesdropping while it travels to your website. Note that this protects information in transit only; it does not secure the data once it is stored on the server.
Other Matters to Consider
When you choose a hosting provider, make sure you review the contract and discuss it with them. You should also check that the provider has ‘uptime guarantees’. Server uptime refers to the amount of time in any given period a server stays up and running. A hosting provider may guarantee a certain uptime, such as 99% or 99.9%. However, they may exclude planned maintenance or unexpected outages from the guarantee.
Furthermore, you should choose an Australia-based hosting provider. This means your website might work more quickly and customer service may be more responsive.
2. Restrict Access and User Permissions
You should ensure access to customer information is restricted to the employees who need it to do their job.
To enforce this, set up access controls and user permissions. This means that even if an attacker gets into the system, they will not easily be able to reach the files you hold. The delay may also give your hosting provider time to recognise suspicious access requests and remove the unwelcome users from the system.
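One concrete way to put the above into practice is a deny-by-default permission table: each role lists exactly the records and actions it may use, every request is checked against it, and every decision (especially the denied ones) is recorded so unusual access patterns can be noticed. The example below is added here to illustrate that pattern; it is not code from the original article. The roles, record names and user accounts are constructed for the illustration.

```python
from dataclasses import dataclass, field

# Constructed permission table. Each role lists the (record, action) pairs it
# may perform. Anything not listed is denied, so a new kind of record or a
# new action is inaccessible until someone deliberately grants it.
ROLE_PERMISSIONS = {
    "support":    {("customer:contact", "read")},
    "compliance": {("customer:contact", "read"),
                   ("customer:sensitive", "read")},
    "admin":      {("customer:contact", "read"), ("customer:contact", "write"),
                   ("customer:sensitive", "read"), ("customer:sensitive", "write")},
}


@dataclass
class AccessControl:
    """Maps users to roles and answers 'may this user do this?' with an audit trail."""

    user_roles: dict                              # username -> set of role names
    audit: list = field(default_factory=list)     # (user, record, action, allowed)

    def is_allowed(self, user: str, record: str, action: str) -> bool:
        roles = self.user_roles.get(user, set())  # unknown user -> no roles
        allowed = any((record, action) in ROLE_PERMISSIONS.get(r, set())
                      for r in roles)
        self.audit.append((user, record, action, allowed))
        return allowed

    def denied_attempts(self, min_count: int = 1) -> dict:
        """Users with at least `min_count` denied requests, for review."""
        counts = {}
        for user, _, _, allowed in self.audit:
            if not allowed:
                counts[user] = counts.get(user, 0) + 1
        return {u: n for u, n in counts.items() if n >= min_count}


def run_sample() -> dict:
    """Replay a constructed day of requests and return the denied summary."""
    ac = AccessControl({
        "alice": {"support"},        # front-line support staff
        "bob":   {"compliance"},     # handles breach notifications
        "temp":  set(),              # account created with no role yet
    })
    ac.is_allowed("alice", "customer:contact", "read")       # allowed
    ac.is_allowed("alice", "customer:sensitive", "read")     # denied: not her job
    ac.is_allowed("bob", "customer:sensitive", "read")       # allowed
    ac.is_allowed("bob", "customer:sensitive", "write")      # denied: read only
    for _ in range(3):                                       # repeated probing
        ac.is_allowed("temp", "customer:sensitive", "read")  # denied each time
    return ac.denied_attempts(min_count=3)


if __name__ == "__main__":
    print("users with 3+ denied requests:", run_sample())
```

Two points are worth noting in the design. First, a user with no roles, or a username that does not exist, gets an empty permission set rather than an error, so the check fails closed. Second, the audit list records denials as well as grants, which is what turns "they could not reach the file" into "someone tried three times and could not", the kind of signal the text above says buys time to act.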
3. Implement a Data Breach Response Plan
You should have a data breach response plan in place. The plan should set out how to deal with a breach and mitigate the damage. This is important to ensure your business complies with the mandatory data breach notification scheme in Australia.
Businesses within the scope of this scheme need to notify customers affected by an eligible data breach. Failure to notify may result in significant administrative penalties.
You should take the security of your customers’ information seriously by choosing a reliable hosting provider. Look for a responsive and cooperative team with good security measures. On your end, you should restrict access to customer files in your database, so employees have access only when necessary.
Finally, consider implementing a data breach response plan so you know who to notify in the event of a data breach and what measures you should take to mitigate damage. If you have any questions, contact LegalVision’s IT lawyers on 1300 544 755 or fill out the form on this page.