
Protect Your Customer's Data for Peace of Mind


Your customers entrust you with vital data. Are you doing everything you can to keep it safe? Do you sometimes wonder if your customer data is fully protected? It is a legitimate concern. The FBI estimates that U.S. businesses lose US $67.2 billion annually from computer-related crime. Personal customer data, in particular, sells for very high prices, including:

  • ATM or debit card with PIN: US $500
  • Driver's license number: $150
  • Social security card: $100
  • Credit card numbers with expiration date: $15 to $20

Create a Strategy

When dealing with something as invaluable as customer data, think about creating a unified strategy that incorporates the network, people, and tools. Security is like a chain: It is only as strong as its weakest link. Do not be tempted by a piecemeal approach. Instead, create a single, integrated strategy that focuses on return on value rather than return on investment. It helps to work with trusted vendors that can provide end-to-end security, from the network foundation to the most remote laptop. You should also find the right balance between security and usability. The more secure your network is, the more difficult it can be to use. Thankfully, you can take steps to help ensure that your customer data remains safe while allowing your employees to get work done.

Secure the Network

Many of the current piecemeal endpoint security technologies are reactive in nature and address only part of the universe of threats. Other standalone products, while effective in the small universe they protect, cannot begin to address the security needs of today's dynamic networks. A system-wide approach starts with the underlying network. Not only is the network where the data and applications are, but it is also the best place to develop and deploy policies, procedures, and tools for proactive security.

This philosophy guides the concept of the self-defending network, which is:

  • Automated, defending against threats the moment they occur
  • Integrated, embedding security services directly in the network infrastructure for a coordinated response with centralized:
    • Monitoring
    • Management
    • Control
  • Dynamic, allowing trusted vendors or IT staff to quickly and easily deploy security services as part of the infrastructure
  • Adaptable, so individual security products or services can work together as a cohesive security system

Use People Power

Never assume that network attacks will come from only outsiders. Loyal employees can inadvertently create security vulnerabilities, and disgruntled or former employees can cause considerable damage.

Technology can go only so far. Policies and procedures go a long way toward helping to ensure data security. Therefore, you should also:

  • Establish and enforce strict security policies that define the "principle of least privilege" for each network user, giving access only to essential assets
  • Develop and enforce human resources policies that:
    • Require background checks
    • Monitor employee behavior
    • Revoke network access upon termination of employment
  • Conduct security assessments that identify exploitable vulnerabilities
  • Develop broad authentication procedures with user- or device-based passwords
  • Encrypt all data, including on laptops and mobile storage

Prepare for exposure and simulate attacks to hone coordinated responses with your team. Prepare action checklists so your team can:

  • Quickly classify attack types (such as a stolen laptop or compromised server)
  • Take steps to stop each type of attack in progress
  • Preserve digital forensic evidence
  • Continually evaluate the effectiveness of your policies and procedures

Bonus tip: Train, train, and train some more. Your IT staff should be fully and formally trained on all of your hardware and software solutions and completely comfortable with your security vendor. Train end users by providing lots of practical examples, and make sure they know to contact IT when in doubt.

Stock Your Security Toolbox

Along with a solid network foundation and policies and procedures, the following checklist of solutions can round out your customer data security toolbox:

  • Firewall
  • VPN
  • Intrusion prevention
  • Virus protection
  • Secured wireless network
  • Anomaly detection
  • Identity management
  • Compliance validation

Continuously Back Up Your Data

A good customer data security plan might also include continuous data protection (CDP) because data is sometimes lost to hardware or software failure. Of course you can restore from the previous night's backup, but you could still lose hours and even a full day of transactional data. With CDP, there are no backup schedules. When the system writes data to disk, it also asynchronously writes it to a second location, usually another computer over the network. This method adds some overhead to disk-write operations, but it eliminates the need for nightly scheduled backups. Because CDP provides simultaneous backup, there is little chance of losing even a few seconds of data.
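The write path described above can be sketched as follows. This is an added example, not code from the article or from any CDP product: `CdpWriter` and `compare_recovery` are hypothetical names, a second local file stands in for the computer across the network, and the order records are constructed sample data. It also reports the replication lag, which is the data still at risk because the second write is asynchronous.

```python
import pathlib, queue, tempfile, threading

class CdpWriter:
    """Append-only log; every write is also mirrored to a second location asynchronously."""
    def __init__(self, primary_path, replica_path):
        self.primary = open(primary_path, "ab")
        self.replica = open(replica_path, "ab")  # stands in for a remote host (assumption)
        self.pending = queue.Queue()
        self.sent = self.acked = 0
        self.worker = threading.Thread(target=self._replicate, daemon=True)
        self.worker.start()

    def write(self, record):
        self.primary.write(record)
        self.primary.flush()
        self.sent += 1
        self.pending.put(record)  # returns at once; the copy happens in the background

    def _replicate(self):
        while (record := self.pending.get()) is not None:
            self.replica.write(record)
            self.replica.flush()
            self.acked += 1

    def lag(self):  # records on the primary but not yet on the replica: the data at risk
        return self.sent - self.acked

    def close(self):
        self.pending.put(None)  # sentinel: drain the queue, then stop
        self.worker.join()
        self.primary.close()
        self.replica.close()

def compare_recovery(transactions, backup_after):
    """Return (records in nightly copy, records on replica, lag) after losing the primary."""
    with tempfile.TemporaryDirectory() as d:
        primary, replica = pathlib.Path(d) / "primary.log", pathlib.Path(d) / "replica.log"
        writer = CdpWriter(primary, replica)
        nightly = b""
        for n, tx in enumerate(transactions, 1):
            writer.write(tx)
            if n == backup_after:  # the scheduled backup runs once
                nightly = primary.read_bytes()
        writer.close()
        primary.unlink()  # simulated disk failure
        mirrored = replica.read_bytes()
    return nightly.count(b"\n"), mirrored.count(b"\n"), writer.lag()

SAMPLE = [f"order-{i},amount={i * 10}\n".encode() for i in range(1, 11)]  # constructed data
```

With the backup taken after the fourth of ten records, `compare_recovery(SAMPLE, 4)` recovers four records from the scheduled copy and all ten from the replica. Any record still counted by `lag()` at the moment of failure would be lost.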

Many small and medium businesses are also installing behavior-based client software on all desktops and laptops to continually monitor computer behavior and proactively defend against damage to your network, even at the earliest stage of attack.

Sleep Well

So, there is no need to lose sleep over protecting your customer data. A well-designed security plan will protect your customers and force identity thieves to look elsewhere for confidential information.
