How Your Website and Business Can Protect Customer Data

In today’s world, every business should have its own website. Not only does it increase visibility (if you want to grow), but it can make it much easier for current customers to find up-to-date information on your business. Customers can also usually find answers to common questions, saving both of you time. And websites are easily hosted 24/7, whereas customers usually cannot call your business outside office hours.

Big Data is also becoming mainstream, with even small and medium sized businesses (SMBs) starting to collect large amounts of data. This data is helpful in marketing and even directly assisting customers. But oftentimes that information is valuable, and your SMB needs to protect it from thieves and hackers.

Refine what you collect

If you don’t collect something, it cannot be stolen. That means you completely eliminate that liability. Some information, like email addresses or phone numbers, may be important for you to store, and that’s perfectly fine. You may need physical addresses for house calls. You almost certainly need names for billing or simple correspondence. Each individual piece of information, by itself, is harmless if stolen. However, when all of it is stolen together, identity theft becomes a real threat.

Reduce the data you collect to absolute essentials. That will reduce the likelihood of your customers’ identities being stolen after a data leak. But also refine what you collect. Carefully consider your needs and what you ask for. Do you need an age? Does it have to be exact? Outside legal requirements, probably not. You could ask simply for the year of birth, or the customer’s current age, rather than asking for a day, month, and year. Is a general location sufficient? Ask for a ZIP code, not the exact address.

Be transparent

When collecting data, be transparent in your policies. First, that means publishing a plain English version of your policy. Second, you should explicitly state the information you gather from customers. This will prevent customers from accusing you of surreptitiously collecting their information. While possibly legal, implied consent can still become a PR nightmare after a hack.

Encrypt what you do collect

Whatever information you finally decide to collect, it is essential to encrypt it. Fortunately, encryption is relatively easy to achieve, even for SMBs storing their data on company laptops and USB sticks. Even if you only store phone numbers, addresses, and names, the data should be safeguarded through encryption. Perhaps the leak from your company only contains that information, but it could be combined with other information from other leaks to build a complete profile. If the stolen data is encrypted, it is useless to the hackers.

In addition to encrypting any data you store, you must also encrypt your website traffic. This means using HTTPS instead of HTTP and end-to-end encryption. If you have a website developer, ask about site encryption. Any website developer will be able to explain the concept, its usefulness, and its importance in detail. For the purposes of this article, simply consider it a requirement for any website.

Spread awareness

If you want to protect yourself and your customers, you can also participate in global education. Inform your customers of how easily credit card numbers can be stolen, how to avoid falling victim to phishing scams, and what the consequences of identity theft are.

If your customers are able to avoid these pitfalls on their own, it will protect them and your business. For example, a customer who can spot an imitation of your website will not enter information, and therefore will not later blame you for a loss. In fact, that might be appreciative of your educational efforts and even alert you to the problem. This doesn’t have to be a thorough and in-depth part of your site. You can include it under a tab like About Us or FAQ. You could even simply direct customers to websites like the Consumer.gov Identity Theft page.