In my interactions with business owners who have read customer security tips online, I've found that some have inadvertently picked up misconceptions about customer security. Some of these mistaken beliefs are harmful and, in the long run, can sink their businesses and those of others who are listening to them. What are they? I’ll start with the one I encounter most.
1. Digital protection is the only way to protect customers
Many customers are already protecting their homes with smart devices and smart home security is growing rapidly, so customers themselves are not focused only on digital security.
However, I’ll admit that sometimes, like other writers, I’ve stressed digital protection over physical protection. But the latter is just as important and overlooking it is criminal.
Some digital businesses use physical offices, and employees use laptops or other electronics for work. A burglar may get access to sensitive customer information if he steals this equipment. Also, some companies still keep physical files with customer information in their office buildings. Focusing only on their digital assets would be a wrong move for such companies.
They can protect the office premises in the following ways:
- Install security systems that include cameras, alarms, and smart lights
- Completely destroy any customer files you’re no longer using, and keep the ones you’re using locked in a safe or a space designated for them
- Employees should use strong passwords for their electronic devices and, if possible, lock the devices up before they leave work every day
- Keep offices where sensitive information is kept, physically or digitally, out of bounds for employees who don’t need to use them
Physical protection and digital protection are both important. Don’t prioritize one over the other.
2. Once safe means always safe
So you’ve decided to protect your customers’ private information and their activities on your site. Is that all? Is it a set-it-and-go-about-your-business affair?
Where security is mentioned, even in the real world, you must always be consciously protecting yourself. It’s the same with your business. For example, this quote from Kevin Mitnick addresses what he calls the “weakest link” in your striving to protect your customer:
“Companies spend millions of dollars on firewalls, encryption, and secure access devices and it’s money wasted because none of these measures address the weakest link in the security chain: the people who use, administer, operate and account for computer systems that contain protected information.”
Sometimes companies go rogue and sell the personal information of customers in their care, or a security company you’re using gets hacked and customer information is left at the mercy of the hackers. If you have a set-it-and-forget-it mindset towards customer security, you’ll likely be too slow to help your customers in either situation because you’re imagining the customers are safe.
Also, whenever you no longer need a customer’s information for any transactions, delete it permanently. Proper risk assessment is important to help you determine what customer information you have, where it is kept, and how necessary the information is in your transaction with the customer. Security consciousness is needed to avoid unforeseen occurrences or to recover from them effectively.
3. Customers can always take care of themselves
I’ve touched on this a little in the first point, but it deserves to stand alone too. Several customer actions are not in your power to control after you’ve done your part to secure your business. Some of these actions are:
- Using secure passwords and/or a password manager
- Enabling two-factor authentication to add an extra layer of security
- Encrypting their devices to protect their personal information
- Regularly updating software they use
That’s not all, but you get the point. So it’s pertinent that you seek ways to protect your customers, whether they’re consciously protecting themselves or not. While you can’t control customer actions, you can:
- Hire an IT professional to ensure your database(s) and website are as secure as can be
- Prompt them to use strong passwords when signing up for your product or service (some companies explicitly require that passwords be a combination of letters, numbers and special characters, and you can’t sign up without providing a strong password)
- Encrypt all customer information
- Use multiple layers of security on your own website
- Host data on a dedicated server
Some actions you can take are already covered in this article and this one, so you can refer to them. But the point is, don’t depend on customers to protect themselves. Sometimes the security prompts and measures you put in place to protect your business, and by extension your customers, will be enough to protect them without additional input on their part.
Don’t let these misconceptions ruin your business and drive away your customers. Secure your business physically and digitally for maximum protection of your customers’ information and your own assets.