How to Protect Your Customers' Confidential Info


By Christopher Freeburn


Customer data may well be your business's most critical asset. Unfortunately, there are plenty of thieves who would like to gain access to it. Identity and credit card theft are burgeoning problems. Customers' names, addresses, and credit information are valuable commodities that thieves not only steal, but actually trade among themselves. Today's profusion of computer technology and online connectivity has proven a boon not only for business, but for thieves as well. Protecting your company's information is as vital as locking your office doors.


The World Wide Web of Hackers
There's almost no way to isolate your business from the Internet these days. Even the smallest businesses usually have web sites, and email is now virtually a business requirement. That usually means that the computers you use for business are connected, either directly or through your company network, to the Internet. While there is no question that the Internet has been a huge boost to small business, it comes with serious security risks.



The Internet connection that brings the world to your business's front door can also let unscrupulous thieves dive right into your company hard drives and gain access to vital customer and business data. "The best way to prevent that is to make sure that your company network and computers have a robust firewall and use the latest Internet security software available," says Cambridge, Massachusetts-based computer security expert Dan Smith. "This applies even if you outsource your company's online services to a web hosting company." If you don't know how to enable your firewall and security software properly, hire a network or computer expert to do it for you. "Your firewall is the first and best line of defense in keeping unwanted people out of your system," Smith explains. "If you don't pay enough attention to it you can find your network crippled and your data stolen."


A wide variety of Internet security software packages are available for small businesses. Additionally, personal computers and network servers come with some form of internal firewall that will work in concert with third-party Internet security software. Most of these programs include an automatic update feature that allows the software to contact its manufacturer online and check for software updates. Since the battle between hackers and security software is never-ending, keeping the update feature active is crucial to receiving updates meant to combat the latest threats.


Isolate Data
Your company data can be threatened not only from the outside, but also from within your business. Last January, news organizations reported the story of a Florida architectural firm whose office manager, erroneously believing she was about to be fired, deleted seven years' worth of company records, including millions of dollars' worth of blueprints and drawings, from the firm's computer. The company was able to recover much of the data, but only at great expense. In order to prevent accidental or deliberate loss or theft of data, it is a good idea to restrict access to the company network (or at least to the most sensitive data) to a few trusted, high-level employees. Most network software packages offer a variety of different password-based levels of access to the network and its assets.


Make sure that employees guard their individual passwords and that the passwords of employees who depart the business are deleted immediately.


Shredding to Security
Keeping your company's critical data secure often means more than simply keeping your computers free from hackers and the office doors securely locked. Too many companies forget that documents tossed out with the trash become instantly vulnerable to thieves or competitors.


There is no privacy in garbage, according to a 1998 Supreme Court ruling, which means anyone can grab a garbage bag that your firm has left at the curb and legally sift through it. That means your competitors can legally acquire sensitive information about your business if you aren't careful enough to properly dispose of it. It also means that identity thieves might glean enough personal information regarding your customers to open credit card accounts in their names, causing them substantial financial harm.


In order to protect your company and your customers, you should consider creating a formal company policy regarding document disposal, and then make certain that all employees understand it and follow through with its implementation.


Any paper that contains customer names, account numbers, or billing information should be shredded. The same is true of company documents that provide employee names, social security numbers, payroll, medical insurance, home addresses, or salary information. But you should also be shredding any documents containing information valuable to your competitors. Sales numbers, financial analysis, marketing plans or reports, and web site usage figures could all be of potential interest to competing companies, and so could legal documents. In practice it's a good idea to shred any document that sheds light on your company's internal practices or arrangements.


Document shredder machines are available in a wide range of sizes and prices, with small units running under $60, making it easy for a small business to have several such machines where needed. Traditional shredders rend documents into narrow vertical strips. Newer cross-cut shredders slice the documents two ways, rendering them into confetti that is almost impossible to reconstruct.


Wireless Vulnerability
Once upon a time, connecting the computers in a small office meant running wires all over the place. Today, setting up a wireless network for a small or home-based business can take little more than a few hours' work. But for all their convenience, wireless networks have a serious downside: security. Your wireless router broadcasts your network's data indiscriminately over a certain area (anywhere within a 100- to 300-foot radius of the router). Any computer equipped with a wireless network card within that area can receive the signals and access your network.


"The number of businesses that forget to install some level of encryption in their wireless networks is astonishing," says Dan Smith. "People who are scrupulous about installing Internet anti-virus programs just blank on wireless access security." But the consequences can be serious. "There are people who set up their laptops outside office buildings and shopping malls looking for vulnerable wireless networks," Smith explains. "Once they find one they can penetrate they'll poke around until they find some useful information." That can include customer data like credit card numbers and billing addresses or employee data like social security numbers. "Once they have anything like that, it can be used for theft or identity fraud, or sold to others for that purpose."


In order to prevent unwanted intrusions, wireless equipment manufacturers have developed a variety of encryption programs. Most wireless network equipment comes with two basic encryption systems: Wired Equivalence Protection (WEP) and Wired Protected Access (WPA). These encrypt your wireless signal, requiring any wireless-capable computer to have the right encryption key to decode the signal. WPA is the more robust encryption protocol. Keeping firewalls enabled on all networked computers and changing network passwords are also recommended.