The digital age has transformed what it means to protect consumers’ privacy. Ongoing advancements in technology make the task increasingly challenging. Businesses must not only protect consumers’ personal information to comply with the law, in many cases, they may also find that failing to do so can potentially hurt their bottom line. Accidental and purposeful security breaches of consumer data have eroded public trust, and according to surveys conducted by TRUSTe and the National Cyber Security Alliance, 89 percent of consumers avoid companies they believe do not properly protect their privacy.
The legal landscape addressing consumer privacy continues to shift as well. More and more laws expressly dictate how institutions can gather and disclose their customers’ information. Small businesses may presume the burden of consumer protection does not fall on them, but they would be mistaken.
All businesses regardless of their size must concern themselves with safeguarding consumer privacy, which requires expertise in cybersecurity management. Those interested in gaining the skills needed to help businesses protect consumer privacy should consider the benefits of earning a Master of Professional Studies in Cybersecurity Management.
How Businesses Secure Consumer Information
Cybersecurity Awareness Month, sponsored by the Department of Homeland Security in October, aims to keep Americans safe and secure from cyberthreats by promoting safe behavior and personal responsibility among consumers. However, businesses also play a critical role in this mission. In many situations, protecting consumer information equates to protecting the reputation and viability of a business itself.
Here are 11 tips businesses can use to protect consumer privacy:
1. Know What Data Is Needed
Some businesses collect data they do not need. This can simply be the result of using software that automatically collects certain information. However, a company should concertedly select the information they gather and have a clear understanding of what the law indicates about the handling of that information.
2. Put Someone in Charge
Make someone responsible for collecting, storing, and securing consumer information. Problems with consumer data arise more often when no one is paying attention to or held accountable for its protection.
3. Limit What Data Is Collected
Ask consumers only for information needed for the delivery of the company’s service or product. Consumers often resent being asked to disclose information that seems irrelevant. In addition, should a business fall victim to a hacker, that additional exposed information puts consumers at greater risk.
4. Protect the Data Collected
Take the proper security measures to safeguard the information collected. This involves determining who should have access to the data, as well as sufficiently securing company databases, networks, and websites. In addition, businesses should use encryption standards relevant to their business needs while storing or transmitting any sensitive data. They should also employ firewalls that keep unauthorized users out and protected information in.
5. Use a Strong Authentication Process
Require employees with access to consumer data to create complex passwords that hackers cannot break with password-guessing tools. Federal Trade Commission investigations found victims of hackers have used weak passwords and often the same password for more than one account.
6. Understand the Threat
Consider the value of information to hackers and how they could steal it. Understanding this can help guide what safety measures to take. When businesses neglect to appreciate potential threats, they leave themselves much more vulnerable to attacks. For example, a survey conducted by Alliance found that 85 percent of small businesses believe they are at less risk for attacks than larger businesses. However, small businesses have lost hundreds of thousands of dollars to attacks, and sometimes hackers specifically target them because they tend to invest fewer resources in cybersecurity.
Post a policy for consumers that clearly outlines company business practices. This policy serves as a legally binding agreement and can help protect the business in the case of a security breach. In addition, because many consumers do not take the time to read privacy policies, provide them with reminders of how the company manages consumer information at key moments, such as when they are giving personal data.
8. Stay Up-to-Date
Invest in the most current security software, operating systems, and web browsers to defend against malicious hacks. Outdated programs are easier to infiltrate, so regularly updating a system strengthens its defenses against malware and viruses. Also key is putting up-to-date procedures in place for maintaining the security of the company’s network and software. Should a security breach occur, such procedures can make a difference in the company’s liability.
9. Secure Non-digital Data
Criminals have not forgotten about the old-fashioned way of stealing sensitive data and neither should businesses. Companies must still securely handle consumer information kept on paper or in any other physical form. For example, documents with sensitive consumer data cannot simply be thrown into the trash. Businesses must shred materials or use other means to ensure consumer information does not fall into the wrong hands.
10. Check the Security of Service Providers
A business can implement all the safety measures mentioned above, however, and hackers can still compromise consumer privacy if the business works with service providers who do not take reasonable safety precautions. Should this happen, the business would be held accountable. Therefore, companies must carefully vet who handles their consumer data and ensure their practices follow the highest safety standards.
11. Train Employees in Best Practices
Hackers continue to invent schemes and methods to defraud the unsuspecting. Businesses must therefore ensure their employees know about the latest threats, so they do not unwittingly hand over consumer information. Regularly communicating with employees about best practices can protect consumer privacy. Best practices can interrupt phishing schemes and ransomware attacks, among other threats.
Learn More About Careers in Cybersecurity Management
Protecting consumer privacy makes sound business sense, and the law requires it. Effectively securing the personal information of consumers involves undertaking a series of tasks under the guidance of professionals knowledgeable in cybersecurity. Discover how Tulane University’s Online Master of Professional Studies in Cybersecurity Management cultivates the skills needed to protect consumer privacy.
Department of Homeland Security, National Cybersecurity Awareness Month 2019 Toolkit
Entrepreneur, “A Seven-Step Guide to Protecting Customer Privacy”
Entrepreneur, “Does Customer Data Privacy Actually Matter? It Should.”
Federal Trade Commission, Financial Privacy
Federal Trade Commission, Protecting Personal Information: A Guide for Business
Small Business Trends, “10 Tips to Protect Your Business and Customers on Data Privacy Day”
Tech Funnel, “E-commerce: How to Protect Consumer Privacy”
TechRepublic, “10 Security Tips from the FTC on How to Protect Consumer Data”
TrustArc, 2016 TRUSTe/NCSA Consumer Privacy Infographic — US Edition