How To Protect Your Customers’ Information

May 19, 2008 by Michelle Waters 

One of the “experts” at PC Magazine sure stirred up a mess last week by essentially accusing small business owners of selling their customers’ information.

As you know, this is ludicrous. We work hard to protect our customers’ information, information that we have worked even harder to acquire.

While I was thinking about this situation though, I realized that there are new product sellers who really don’t understand everything they must do to protect their customers’ information. In most cases, they must rely on their web hosts, web designers or shopping cart software developers to provide the necessary information.

Protecting information that you collect as a small business is critical for two reasons:

1. Legal ramifications. If your lax security allows someone’s credit card number to be stolen, you will be held liable. The legal fees alone will kill your business.

2. Reputation ramifications. While as a small business, you want media attention, this is NOT the kind you want. Getting a reputation for mishandling customer data will hurt. And you don’t have the PR professional available to spin your story like a large corporation does.

So I thought I’d put together a small list of things you need to make sure you have to protect your customer data.

1. Encrypt stored data. If you’re going to store customers’ data on your server, you must do so in an encrypted database. This is especially true if you store credit card information. Check with your shopping cart provider to ensure that they are encrypting the database. (Chances are, if you have to enter a special password to retrieve customer data, then it is encrypted.) For the record, Mals Ecommerce, the cart that ties in with the Shop Kit Plus, encrypts the sensitive customer data stored within it. The SKP does not store customer data, such as credit card numbers.

2. Secure your connection with SSL. Any time a customer is asked to submit sensitive information, the connection should be secured with an SSL Certificate. You will know if your cart does this if you see the https:// before the link in the address bar on the pages where information. For the record, Mals features SSL secured pages.

3. Limit access. If you’re a sole proprietor, chances are you’ve never thought about who has access to your customers’ private data. I recommend you start thinking about it now. If someone spends the night at your house, can they log in to your computer and, using your stored passwords, download a few credit card numbers? My system is set up so that I have to know at least two passwords just to get anywhere near sensitive customer data. And that’s only after getting logged into my computer and finding the right place to go. Also, if you bring in an employee or sub-contractor to work on your accounts, make sure she does not have access to sensitive customer data.

4. Protect your systems. Make sure your computer’s wireless connection is password protected. Make sure you routinely scan your office and laptop computers for viruses. Check with your host and ensure that you are on a hacker-safe, PCI compliant server. Also, make sure any applications that you are running on your hosting account are secure. You can check with your vendors to ensure this is the case. Also, do a Google search for reviews of your cart and host, to find out if there have been any security issues. If there have, make sure those issues have been repaired.

These are four basic steps you can take to make sure you are protecting your customer data. If you have any questions, please let me know.
