As a business owner or manager, you have the important responsibility of protecting the sensitive personal and corporate data provided by your client or customer base. Names, addresses, employee identification numbers, Social Security numbers, credit card information – this is the information that can be used by hackers to create and use fake identities.
Protecting this information is not only good business – in many cases, it’s the law. The federal Fair Credit Reporting Act (FCRA) allows for significant fines against businesses that don’t adequately protect client information.
Carrie Hunt, president and CEO of the Council of Better Business Bureaus, explains, “Protecting your customer’s personal data against mishandling needs to be a top priority of every business that collects customer information. Your customer needs to trust that their private, personal information is safe with your business before they can trust doing business with you.”
A lack of trust on the part of customers and clients can easily do irreparable damage to your business’ reputation and, in some cases, it can close down a business permanently.
So what can you do to keep client and customer data safe, and protect the reputation of your company? There are steps you can take today to protect client data, as well as the hard-earned trust you’ve built with your client base.
1. Add firewalls, anti-virus software and other layers of protection to your business servers and computers. There’s no such thing as too much protection. Add redundancy to your business’ security systems. Hackers, and other black hats who roam the Internet, are looking for easy targets. Using multiple layers of security software makes accessing client information more difficult, so hackers quickly move on to the next website – the easier target.
2. Choose a web host that values your business security. There are hundreds of web hosts. These businesses provide customer and client access to your company website. They host your website on giant servers, and provide varying degrees of server-side protection.
Server-side protection is based in the web host’s operations center, and includes things like hard-wired firewalls, security cameras focused on the server room, anti-virus and anti-spyware software, and other forms of protection. However, you may still find your business under attack from black hats mining for data on your host server.
How? If your company uses shared hosting services, your website may share the same server as a few thousand other websites. This leaves your website vulnerable to cross-side server attacks – attacks in which a hacker opens an account to gain access to other websites that share the same host server. Responsible web hosts protect your business from cross-side server attacks using software to monitor server activity. However, as a business owner, you may opt for higher levels of security.
A virtual private server (VPS) partitions your website, creating a wall between you and the other websites that share the same server. VPS costs a little more than shared hosting, but your clients’ sensitive data is also a lot safer.
Another alternative? Instead of a shared hosting account, or VPS account, your company can open a private server account – an account in which your website and your data are maintained on a separate server, all by itself. Private servers are pricier, but a lot safer than a shared hosting account.
When shopping for a web host, ask about security measures. Sync up your office-based security software with server-side software to get maximum benefit.
3. Limit employee access to customer data. Password-protect office computers and servers to limit the number of people who actually have access to client data. Change passwords when employees leave the company. This protects against unhappy ex-employees accessing your customers’ sensitive data, stealing it, trashing it, or causing other problems that harm your company’s reputation.
4. Lock down all computers. Laptops, desktops, tablets, PDAs, servers – all store information that can be stolen and used by competitors or hackers to ruin your reputation. If you use a cleaning service for the office, all it takes is a knowledgeable hacker to slide an unlocked laptop into a trash bin and smuggle it out of the office with all your data intact. Lock up your hardware or chain it in place to prevent this form of analog data theft.
5. Keep up with upgrades. The software used to block unauthorized access to digital data is routinely updated and upgraded to protect against the latest computer virus. You can purchase the best anti-hacker software available, but if you don’t update that software regularly, the bad guys may be able to find a back door with a new hacker program. Hackers are always looking for new ways to access data. Keep your security software up-to-date to get the most protection.
6. Notify clients and customers when data has been compromised. If you know your office server has been hacked, and data stolen, notify customers and clients ASAP. Often, customers can take steps to protect themselves. They can notify their banks, for example, close accounts that have been jeopardized, and open new accounts with new access codes. It’s just good business. It’s also the law.
7. Hire a professional. You may know someone who has a little experience with computer security, but chances are, they won’t be current on the latest methods used by hackers and crackers. Hire an IT security professional to monitor your office server and business activity to ensure that customer information remains safe. These specialists are highly trained and may charge a lot, but can you put a price on the trust of your loyal customer base?
Treat client and customer information with respect, and view it as a business asset – an asset worth protecting. There are plenty of hackers out there working on new ways to access your business information, so take steps to protect what’s yours.
You’ll sleep better, and so will those who’ve placed trust in your data security systems.
The information provided is presented for general informational purposes only and does not constitute tax, legal or business advice.