Customer data security is client-facing and company-facing.
Information security is a set of cycles within cycles within cycles, all affecting each other. The discovery of a new exploit, the arrival of a new type of ransomware, or the news of another breach all have direct impacts on your customers and the safety of their data. A dynamic approach is the most effective way to safeguard the data with which you’re entrusted, but what does “dynamic” actually mean in this context?
Dynamic Means Always Moving
The short answer is that instead of waiting for the next breach, you act to protect customers in as many ways as feasible, all the time. This has two sides: one client-facing, and the other company-facing.
On the company-facing side, it involves both sensible precautions and analyzing possible threats. Passwords, for example, can be protected in multiple ways. You can hash and encrypt them, implement two-factor identification, require regular password changes, blacklist bad passwords, change lost password procedures to reduce social engineering, limit incoming customer assistance calls to one phone number, and employ a host of other approaches.
However, all that only goes so far. The customer-facing side of passwords includes educating them about good passwords, explaining why these policies are in place, balancing the need for convenience against the need for safety, and offering guides to avoid spearphishing and social engineering techniques. For example, you might inform customers that you don’t call them on certain topics, and if they are contacted, they should call your customer assistance line directly, instead of the number a “representative” may give them.
Why do you need to do all this work?
Becoming a Difficult Target
It’s not just about scanning.
Anticipating threats is a good way to head them off. Many of those attempting to cause, or exploit, a data breach are simply the online equivalent of vandals or petty thieves, looking for something easy to deface or steal. The more difficulty they encounter, the more likely they are to simply move on to the next target.
Anticipating threats also helps protect you against accidents, by reducing the likelihood that they will occur. Many data breaches unfold not because of active malice, but because of mistaken settings on a server, posting private data publicly by accident, and other problems. Having steps in place to guard against these errors won’t just keep them down, but will educate both your team and your clients about how to protect themselves and others.
Finally, a dynamic approach means that you consider what a known risk is and what may be on the horizon. Dynamic approaches are needed because the information technology sphere is dynamic, with new challenges and opportunities uncovered daily. Exploits like the recent Meltdown and Spectre, which found weaknesses in devices at the processor level, underscore that there’s no place to rest on your laurels.
This isn’t a bad thing. Even in the real world, any security expert will tell you that if you stop, you’re putting your clients at risk. A dynamic approach to client safety means that when you face the next challenge, you have the momentum to surmount it. Read our Data Security page to learn more about Rocket Receivables’ approach to client security. And if you currently have a need for secure debt collection, buy now.