Keep Your Data Secure — For You AND Your Customers
Eric Holmen, president of SmartReply, is troubled by the amount of data for voice and mobile technology being managed in non-secure facilities, or even overseas, where data security requirements are compromised and not under the oversight of U.S. federal laws. According to Holmen, “Any time a company gives even the smallest amount of customer data to a third party, they need to cover the basics.”
1. Keep it close to home. Make sure your customer data never leaves U.S. soil and never touches a server outside of the country; no foreign transit of data or removal of data out of U.S. federal jurisdiction. Data can pass over many other systems en route and, unbeknownst to the client or service provider, could be compromised.
2. PCI DSS testing by a reputable firm. Short for Payment Card Industry Data Security Standard, PCI DSS was developed by the major credit card companies — VISA, MasterCard, Discover, American Express and JCB — as a guideline and industry-standard test to help organizations that process card payments prevent credit card fraud, hacking and various other security issues. A company processing card payments must be PCI compliant or it risks losing the ability to process credit card payments.
3. Penetration testing. This is a test conducted by hired hackers around the globe, who attempt to break into your systems at random times, by subtle and aggressive means. It’s an intense procedure but thoroughly necessary.
4. Network facility site visits. Nothing beats a facility site visit to gauge how data is processed by your marketing providers.
5. People. A system is only as good as its people. Get your provider’s organization chart with phone numbers, call a couple of people, and interview them. Remember that these people could be looking at your customer data. You have the right to know who they are, and it only takes 30 minutes.