Protecting data isn’t easy. Your customer information likely resides in hundreds of places throughout your organization, not to mention the data systems of any suppliers you may do business with. And with customer data present in so many forms today, it’s critical to have a clear picture of how that data moves around on a daily basis and whether the processes you have in place to manage that data are secure.
While many organizations focus on protecting customer data at a single point – whether that be credit card information at the point of sale, order information stored on a supplier’s network or other vulnerable touch points – true customer data protection requires much more. Securing all consumer information, whether in transit or in storage, may seem excessive, but as external threats become more sophisticated and internal breaches by employees become more frequent, it’s just common sense.
Can you afford to compromise critical customer data? What are you doing to protect the trust your customers place in you? The following information discusses criteria and processes your organization, and business partners handling your sensitive customer data, should have in place to ensure data is kept secure and confidential.
Adherence to the Statement on Auditing Standards
An internationally recognized auditing standard developed by the American Institute of Certified Public Accountants (AICPA), the Statement on Auditing Standards (SAS) 70 II serves as the industry-standard audit that demonstrates that handlers of confidential customer information follow effective internal controls, the highest security standards, and the tightest quality procedures to process sensitive customer data.
Widely recognized, SAS 70 requires that organizations demonstrate robust, capable processes for the receipt, processing, printing, and distribution of confidential information with the appropriate safeguards to prevent unintended access to, and/or escape of, that information. Specific requirements must be met for all aspects of the people, places, processes and technology used to fulfill client needs.
SAS 70 compliance serves as an absolute filter for user organizations to determine whether the appropriate safeguards are in place for physical and electronic security of customer data.
Controlled Production Areas
When customer data is compromised, external culprits can be first to take the blame. However, organizations of all shapes and sizes often overlook the inside threat: unsecured production facilities. When considering the handling of your secure customer data and the output – whether it’s customer statements, invoices, account communications, etc. – fully secured production facilities must not be overlooked.
Key security features to look for or include in your own operations include:
What’s more, a document destruction plan should be in place to prevent sensitive customer data from winding up in the hands of the wrong recipient. Explore procedures for logging destroyed documents and for destroying them with cross-cut shredding equipment.
Secure Electronic Communications with Business Partners
When customers turn over their personal information to your organization, they rely on you to keep it safe from external and internal threats. The transmission of confidential customer data necessitates encryption, while internal policies and procedures (such as restricted network access) should protect data in storage. If unencrypted files fall into the wrong hands, your customers could be open to invasions of their privacy or even identity theft, and your business could be threatened with potential lawsuits.
And, as more and more organizations make the migration to “paperless” environments – meaning records are stored in electronic formats – extra levels of security can be had by password-protecting each and every data touch point, and by having the proper firewalls in place to block unauthorized access.
It’s important for companies to realize that it’s not just their client data that is at risk if they don’t take steps to protect it; the company's own reputation is also at stake.
Taking action now when it comes to your customer data security can reduce exposure to security breaches, mitigating the risk of fraud losses, penalties, and operational and legal expenses that result from information security incidents. Furthermore, these strategies send a clear message to your customers that you’re taking an aggressive stand to protect their information – and their identity.
At Standard Register, we not only pride ourselves on the security of our Customer Communications Solutions but we also maintain our commitment with an annual audit to assure our operations follow the SAS 70 II standard. To learn more about the stringent controls we’ve put in place for managing our clients’ customer communications and sensitive data, contact us today.