There’s been plenty of attention lately on data breaches and misuse of customers’ personal information at large companies lately from Facebook to MyFitnessPal to Chase.
But if you’re thinking this is a problem for only big businesses, think again. Most small businesses keep plenty of information about their customers on hand, with protection for that information woefully inadequate.
Here are four tips to improve your operations.
1. What do you have?
The first step in developing an effective plan to protect your customers’ privacy is to make sure you know what information you are collecting. There’s the obvious, like Social Security numbers if you have an F&I department, but there are other data to think about as well.
Do you have a “Contact Us” form on your website that collects contact information? Are your salespeople getting cell phone numbers while dealing with a potential client? Is your service department using email addresses to send out service reminders? All great, valid ways to serve your customers, but all potential weak spots, as well.
2. Do you need it?
In many cases, there are limits on how long you can legally keep certain information and this can vary from state to state. Beyond the legality, do you need that information? Credit card numbers are a good example. Once you’ve completed your business and bookkeeping, don’t hang on to them if there’s not a recurring transaction.
3. Where is it?
Identify where that data is stored and make sure it’s being protected. In some cases, this is fairly easy. Computers should be password protected. Access to files should be limited to those who have a legitimate need for it.
Personal devices, especially cell phones, can be a significant weak spot for many companies. Most likely, employees have plenty of customer phone numbers and email addresses on their phone or iPads. Make sure you have a policy that requires employees to use the most secure settings on their phones, such as using passcodes or fingerprint identification.
By setting up the remote wipe feature, users can remotely remove all data from their phone if it’s lost or stolen. Remind employees to be careful what websites they visit or apps they download – a smartphone is really just a small computer and they need to be as careful with it as they would be with their laptop.
4. Train your employees
No policy will work if people aren’t obeying it.
Have a written policy in place, and have employees sign that they have read and understood it. Run regular security audits to make sure the company’s plan is being followed. When you see a mistake, call people out on it.
Stress the importance to employees at weekly sales or department meetings. Make sure your employees know to keep an eye out for anything out of the ordinary when it comes to security and to watch out for common attacks like phishing emails.
Finally, make sure to change passwords and access codes when an employee leaves the company. Even if an employee leaves on good terms, it’s not a smart idea to have any ex-employee that has access to important company information.
* * *
I’d also like to take this opportunity to recognize the Top 100 Leadership Alliance. These are the companies and associations that make it possible to honor the best boat dealers in North America. We couldn’t run this program without the support of this great group of industry leaders: Wells Fargo Commercial Distribution Finance, Volvo Penta, Manheim Specialty Auctions, Brunswick Dealer Advantage, Sunbrella Marine, the Marine Retailers Association of the Americas and the National Marine Manufacturers Association.