February 6, 2019
The well-supported adage is that it takes years to get a loyal customer and only seconds to lose them.
One of the biggest mistakes you can make is putting your customers’ personal information at risk.
A recent survey conducted by Ping Identity reveals many consumers are making drastic changes to the ways they interact with companies and secure their own personal data following a breach:
- 78% would stop engaging with a brand online
- 36% would stop engaging altogether with the brand
- 49% would not sign up and use an online service or application that recently experienced a data breach
Under current and upcoming regulation, sensitive data breaches now result in big fines, and even after the fines have been paid the damage to your brand could be irreversible.
Bigger the Footprint, Bigger the Risk
Hospitality, retailers, restaurants, and entertainment venues process and store a variety of personal customer information including Payment Card Industry (PCI) data which includes credit card information, names, addresses, phone numbers, personal preferences, and other sensitive information. Even with security measures in place, information often leaks out of secure systems.
Every time an employee transfers PCI data from one device to another it leaves a copy of itself — a footprint which keeps getting bigger each time a copy is made. These copies are often overlooked and according to recent analysis they’re the source of more than two-thirds of all breaches.
The good news is that rapid data discovery and accurate classification of sensitive data help solve the problem. As data owners or users become aware that a file contains information that has been classified as sensitive, they can change their behavior. By not replicating and passing on such files, employees help shrink a sensitive data footprint and therefore the risk.
Levels of Sensitive Data
Since sensitive data can have an impact on your company and the trust between you and the consumer, having levels of sensitive data can be helpful. Different levels should have limited access:
- Public – this could be any generic company information. It is nothing proprietary and should not contain any consumer or customer information.
- Internal – this would include things like company memos. You would not want an outsider to be able to access this information.
- Confidential – this should have an added layer of data protection with limited access. This would include the personal data of an employee or a customer. It could also include a company strategy. Any time unauthorized access occurs with this information, it should be considered a breach, no matter if it comes from an internal or external source. Some things included might be:
  - Quarterly plans and strategies
  - The Social Security Number of a customer or employee
  - Credit card information
  - The ethnic origin, religion, political views, health, sexual orientation, etc. of an employee
  - Home addresses
  - Biometric data
Map and shrink your sensitive data footprint by:
- Knowing your data — Discover and understand the types of data, where it is, and who has access.
- Persistently identifying the most important data — Properly classify it so people, processes and technologies understand it.
- Setting policies — Understand your regulatory obligations and ensure your company complies with them. For example, you could set a rule that any time sensitive data is added to a file or folder, the file is re-classified accordingly. File activity can be monitored, with a policy in place to reprimand the mislabeling of information.
- Have a system for data classification for folders that contain information. For example, a folder containing credit card numbers will likely have a higher protection level than a folder only containing customer names. Ensuring confidential integrity is crucial in building your trust relationship.
- Remediating the data — Wherever it resides, on-premise or in the cloud.
- Creating a culture of data awareness — Use automation to help employees and reinforce “good behavior.”
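As an added example (not code from the original article or from any product it refers to), the following Python shows the discover, classify and re-classify steps above: it scans a directory for Luhn-valid card numbers and US Social Security Number patterns, reports files whose declared label is lower than their content requires, and gives each folder the highest level of any file in it. The function names, the declared-label mapping and the sample files are assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

LEVELS = ["Public", "Internal", "Confidential"]  # the article's levels, lowest first
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,19}\b")   # candidate card numbers
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")     # US SSN layout

def luhn_ok(digits):
    """Luhn checksum: filters out order ids and other long digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * 2 if i % 2 else int(ch)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def findings(text):
    """Return the kinds of Confidential data seen in text."""
    found = {"ssn"} if SSN_RE.search(text) else set()
    for m in CARD_RE.finditer(text):
        if luhn_ok(re.sub(r"\D", "", m.group())):
            found.add("card_number")
    return found

def scan(root, declared):
    """Return (files whose label is too low, required level per folder)."""
    relabel, folders = {}, {}
    for path in sorted(p for p in Path(root).rglob("*") if p.is_file()):
        rel = path.relative_to(root).as_posix()
        current = declared.get(rel, "Public")  # assumption: unlabeled means Public
        hits = findings(path.read_text(errors="ignore"))
        required = "Confidential" if hits else current
        if LEVELS.index(required) > LEVELS.index(current):
            relabel[rel] = (current, required, sorted(hits))
        folder = path.parent.relative_to(root).as_posix()
        folders[folder] = max(folders.get(folder, "Public"), required, key=LEVELS.index)
    return relabel, folders

def demo():
    """Constructed sample tree; the card value is the common 4111... test number."""
    files = {  # relative path -> (declared label, content)
        "public/brochure.txt": ("Public", "Open daily 9-5\n"),
        "crm/names.csv": ("Internal", "name\nA. Guest\nOrder 1234567890123456\n"),
        "exports/guests.csv": ("Internal", "name,card\nA. Guest,4111 1111 1111 1111\n"),
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, (_, body) in files.items():
            (Path(root) / rel).parent.mkdir(parents=True, exist_ok=True)
            (Path(root) / rel).write_text(body)
        return scan(root, {rel: label for rel, (label, _) in files.items()})
```

Calling `demo()` flags only `exports/guests.csv` for re-classification; the 16-digit order number in `crm/names.csv` fails the Luhn check and leaves that folder at Internal.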
Processing and storing data all while trying to prevent data exposure can be a daunting task. Knowing how to shrink your sensitive data footprint can help your customers and employees feel protected.