Customer data never used to be a priority for technology firms. While companies collected basic customer data, there was no input after the products, devices, or software were sold. The cloud and the internet of things has changed that. Now technology firms and customers are constantly connected. Devices have access to people’s homes and their intimate moments. Protecting the information technology firms now hold is critical to retaining customer trust.

While the public is becoming more aware of data collection and potential privacy risks, that doesn’t mean they’re becoming comfortable with it. In fact, it’s the opposite; new regulations like the European Union’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act give individuals specific rights regarding how their data is used. Major data breaches like the Equifax incident a few years ago have led to Congressional investigations into how firms handle customer data.

Be Smart About User Data Management

To get ahead of the bad press and changing expectations, technology industry businesses need to have strong processes in place to protect customer data. To a large extent, the first step is being upfront about the data you collect and what you do about it. Build pages that clearly explain the data collected and allow users to opt in or opt out explicitly. Don’t request more access than your software or device needs to perform its basic functions. Even when the law allows it, don’t sell data to third parties without your users’ permission.

Build Strong User Data Protections

In addition to collecting only the data you need and not using it in ways customers don’t know about, a strong information security strategy is required to protect customer information. Strategies to use include:

• Encrypt data at rest and in motion. All stored data should be encrypted, as should data in transit.
• Restrict access to data. Only authorized users should be able to access customer information. Rather than assigning individual access privileges to employees, define roles and allocate privileges to those roles. Review the roles held by employees at least annually, and adjust their access rights to reflect any changes in their work responsibilities.
• Use firewalls and antivirus software to block malicious actors. Keep hackers from gaining access to your servers and data through firewall, antivirus software, and other defensive technology. If your servers are in the cloud, don’t rely on the cloud provider to protect you but develop your own defenses.
• Check system configurations. Many cloud services default to publicly accessible; many software products include default admin passwords. Verify all your systems are properly configured to be private and change all default passwords. Deliver your own products with default settings that provide high levels of data protection and privacy and warn users about the risks if they change them.

Get help with your security strategy from the certified security experts on the team at Prescient Solutions. Our consulting and managed services help Chicago-area businesses in the technology industry securely leverage information technology to meet their business needs. Contact us to learn more about how Prescient Solutions can help you keep your data safe.