Protecting Customer Data from Beginning to End

Effectively collecting and leveraging customer data gives companies a distinct advantage for sales and marketing initiatives. Capturing the demographics of shoppers, for example, can lead to more targeted advertising, which in turn can lead to a bigger bottom line. But while the benefits of collecting data are significant, doing so also introduces privacy and security concerns that continue to drive legislation, such as the General Data Protection Regulation (GDPR) and the recently passed California Consumer Privacy Act.

The question of how best to gather customer data that can improve business while maintaining security, regulatory compliance, and honest and effective communication with customers is a critical issue for businesses regardless of their sector.

End-to-end protection of customer data means protecting the information from the time it is gathered — e.g. via web forms — to when it is stored in a database. It can also include sharing data securely with third parties. Given the realities of compliance and security, this can be a cumbersome process, even more so if a company is collecting data it either does not need or is not drawing clear value from.

One of the first questions business leaders should ask themselves is whether they are collecting information that is necessary to business operations and/or can create new efficiencies and opportunities. For example, email addresses, names, and data about customer behaviors and attitudes can improve outreach efforts. But keeping other types of information, such as credit card data, may introduce security and compliance concerns that outweigh the benefit of customer convenience.

Once the decision has been made about what information needs to be gathered and what will be stored, there are several security considerations that come into play.

Securely storing data

Any application that users leverage to interact with a business needs to be secured from vulnerabilities. Two of the most problematic of these issues are SQL injection and cross-site scripting.

In a SQL injection attack, a threat actor exploits a vulnerability that enables them to manipulate a web application’s database server. An attacker can use this to alter or steal data, and it remains one of the most common application security vulnerabilities impacting organizations today. Cross-site scripting (XSS) is another: it allows attackers to inject malicious scripts into a website or web application, which in turn delivers those scripts to the browsers of victims who use the site.

Input validation is an important safeguard against these kinds of injection vulnerabilities, as it ensures that only properly formed data enters an information system. This prevents malformed data from causing malfunctions or unauthorized actions. For example, if the input requested is a telephone number, there should be no alphabetic characters. If an application sees anything other than the correct number of digits, it should reject the entry rather than pass potentially malicious input along.
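The telephone-number check described above, written out as an added example (not code from the original article): the input is normalized, matched against an allowlist of exactly ten digits (an assumed format; adjust to what the application expects), and only then written to the database with a parameterized query, so validation and parameter binding back each other up.

```python
import re
import sqlite3
from typing import Optional

# Allowlist: exactly ten digits. The ten-digit format is an assumption for
# this example, not a requirement stated by the article.
PHONE_PATTERN = re.compile(r"[0-9]{10}")


def normalize_phone(raw: str) -> Optional[str]:
    """Return the ten-digit form of a phone number, or None if malformed.

    Separators people commonly type (spaces, dashes, dots, parentheses) are
    stripped first; any remaining non-digit, or a wrong digit count, causes
    rejection rather than storage.
    """
    cleaned = re.sub(r"[\s\-().]", "", raw.strip())
    if not PHONE_PATTERN.fullmatch(cleaned):
        return None
    return cleaned


def store_phone(conn: sqlite3.Connection, customer_id: int, raw: str) -> bool:
    """Validate, then insert using a bound parameter (never string-building SQL)."""
    phone = normalize_phone(raw)
    if phone is None:
        return False  # reject: malformed input never reaches the database
    conn.execute(
        "INSERT INTO customer_phone (customer_id, phone) VALUES (?, ?)",
        (customer_id, phone),
    )
    conn.commit()
    return True


def demo() -> dict:
    """Run the validator over constructed sample inputs against an in-memory DB."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE customer_phone (customer_id INTEGER, phone TEXT)")
    samples = [
        "(555) 010-0123",      # well-formed; separators are stripped
        "555-ABC-0123",        # alphabetic characters: rejected
        "5550100",             # wrong number of digits: rejected
        "5550100123; extra",   # anything beyond the expected digits: rejected
    ]
    return {raw: store_phone(conn, 1, raw) for raw in samples}
```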

Network security

Beyond secure coding practices and the patching of vulnerable applications and systems, strong attention needs to be paid to network security. Controlling access to sensitive data and assets is critical, and web application and network firewalls give organizations a tool to block attack traffic. Only users who have a legitimate business need to access sensitive data should be able to do so.

This requires that businesses have an identity and access management strategy that divides their employees and contractors into groups and assigns access privileges according to the requirements of their roles and responsibilities. Underlying this strategy should be a mandate for strong passwords and multi-factor authentication.

Data encryption

Decisions to encrypt data should be guided by compliance regulations, such as PCI DSS, as well as by the business-criticality of the data and the impact it will have if it is compromised. Tokenization is another option that can be considered. If data is going to be shared or sold to third parties, the same level of security implemented by the business should follow the data on to its next location.

Data deletion

The final stage of protecting data is the data deletion process, carried out when the data is no longer needed. This means securely removing the data from all systems, typically by overwriting it with random passes of ones and zeros so that it cannot be reconstructed. As with encryption, there are sometimes compliance regulations that should guide this process. If done improperly, sensitive data can be stolen or compromised and lead to possible fines, fraud, and reputation damage.

Reputation damage

Reputation damage is a major aspect to consider when storing data, as is the level of transparency you’re providing to customers. As the recent uproar over Facebook’s data privacy scandal shows, customer backlash can occur if people feel personal information is being shared without their consent. Adding to the situation is the fact that compliance regulations may also have rules around this. GDPR mandates that companies disclose what data they are collecting and storing, for what reason, and with whom the data will be shared. To avoid fallout, when businesses decide to collect or share data, they should present an opt-out option in their privacy statement that is clear and easily understandable and that also provides customers with granular choices regarding each data element.

By taking steps to protect customer data from beginning to end and being upfront about what data is being collected and shared, organizations can leverage that information to improve their operations while minimizing the risk of data breaches and the loss of customer trust.
