Best Tips for Secure Data Retention
Corporate retailers including Home Depot, Target, Michaels, Dairy Queen, and Kmart have all been victims of security breaches, and are still feeling the aftereffects. In addition to the financial repercussions, even mainstream brands suffer from diminished trust when customer data is compromised. This trust can be difficult to rebuild, and the negative effects are often even more pronounced for small- or medium-sized businesses.

Privacy Policies

Being upfront with users about how long you plan to store their data, what type of data you’re storing, and how you plan to use it is a good step to take when it comes to establishing trust. Some companies take this a step further by letting users know when the privacy policy has changed, and by adding easy-to-read explanations in addition to the fine-print terms of service agreements.

Security Measures

Companies need to secure their information in a way that makes sense financially. “It doesn’t make a lot of sense to secure a million dollars’ worth of information with $10 million worth of security,” Trustwave Vice President of Product Management Josh Shaul said in an interview. Common-sense security measures should be in place for all data, and this begins with a general risk assessment. “You’d be shocked to find out how many companies are storing data, but the compliance and the risk and the security people don’t even know that that data’s being stored,” Shaul added. After areas of weakness are discovered, businesses can adopt new practices and procedures to protect against potential threats, such as installing intrusion detection and prevention technologies, anti-malware controls, and Web-application firewalls, and modifying network access controls to prevent unnecessary access. Some businesses may choose to work with outside experts responsible for installing, monitoring and updating their technologies in response to new potential threats.

Retention

Financial information must be retained in order to comply with government regulations, and many businesses choose to store additional information, or save data for a longer period of time than required, if legally permitted.

Fresh data is more likely to be targeted than older data because it is more valuable to criminals—numbers for active cards sell better on the black market than older ones, for example—but Social Security numbers and birth dates do not change, so data stored for longer periods of time is also vulnerable. In addition to a transparent privacy policy, companies should take extra measures for securing data that’s been on their servers for a decade or longer. Extra steps can be taken to secure data that’s currently dormant, but saved in case it’s useful in the future. “If nobody needs to access it, then there’s no reason not to encrypt the heck out of it and make sure that it’s really, really hard to get at,” Shaul said. Because the data is dormant, it can be protected securely in a way that would be inconvenient for information that needs to be accessed regularly. Dormant data can be protected with strong encryption and by locking away the encryption keys in a place that’s very hard to access.

Image: Maksim Kabakou/Shutterstock.com