{"id":23430,"date":"2023-11-21T14:10:05","date_gmt":"2023-11-21T22:10:05","guid":{"rendered":"https:\/\/www.palada.net\/index.php\/2023\/11\/21\/news-17160\/"},"modified":"2023-11-21T14:10:05","modified_gmt":"2023-11-21T22:10:05","slug":"news-17160","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2023\/11\/21\/news-17160\/","title":{"rendered":"Why less is more: 10 steps to secure customer data"},"content":{"rendered":"\n<p>In an advisory aimed at the protection of customers\u2019 personal data, the Australian Cyber Security Centre (ACSC) has emphasized that businesses should only collect personal data from customers that they need in order to operate effectively.<\/p>\n<p>While that may seem like kicking in an open door, it\u2019s really not. It\u2019s relatively easy to decide which personal data you <em>need<\/em> to have for a new customer. It\u2019s a bit harder to stop there. Many small businesses use pre-formatted questionnaires that ask for information they don\u2019t actually need for day-to-day operations, and it&#8217;s hard to keep track of data they no longer need.<\/p>\n<p>The advisory, titled <a href=\"https:\/\/www.cyber.gov.au\/node\/2370\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">Securing Customer Personal Data for Small and Medium Businesses<\/a>, is written for small and medium businesses, but many larger corporations could benefit from it as well. The guide was written because data breaches against Australian businesses and their customers are increasing in complexity, scale, and impact.<\/p>\n<p>It outlines a few steps businesses can take to organize, minimize, and control the personal data they collect, in order to contain the impact of a data breach. 
With the growing tendency to do business online,\u00a0businesses have a responsibility to keep the personal data they collect safe.<\/p>\n<p>The ACSC recommends implementing 10 steps to secure customer personal data:<\/p>\n<ul>\n<li><strong>Create a register of personal data<\/strong>. Keep an inventory of the types of data you have collected and where they are stored. For example, a register of databases and data assets.<\/li>\n<li><strong>Limit the personal data you collect<\/strong>. Do not collect data \u201cjust in case.\u201d You don\u2019t have to worry about what you don\u2019t have stored.<\/li>\n<li><strong>Delete unused personal data<\/strong>. Probably the hardest step, it takes policies stipulating how long customers\u2019 personal data should be stored before it is deleted.<\/li>\n<li><strong>Consolidate personal data repositories<\/strong>. Consolidating customers\u2019 personal data into centralized locations or databases allows businesses to focus on key data repositories and apply enhanced security practices.<\/li>\n<li><strong>Control access to personal data<\/strong>. Employees should only have access to customers\u2019 personal data that they need in order to do their job.<\/li>\n<li><strong>Encrypt personal data<\/strong>. Full disk encryption should be applied to devices that access or store customers\u2019 personal data, such as servers, mobile phones and laptops. Customers\u2019 personal data should be protected by encryption when communicated between different devices over the internet. Additionally, businesses may choose to implement file-based encryption to add an extra layer of protection in the event that systems are compromised as part of a cyberattack.<\/li>\n<li><strong>Backup personal data<\/strong>. Backups are an essential measure to ensure an organization can recover important business data in case of damage, loss or destruction. 
Backups are also critical in protecting customers\u2019 personal data from common incidents such as ransomware attacks or physical damage to devices.<\/li>\n<li><strong>Log and monitor access to personal data<\/strong>. Implementing logging and monitoring practices can assist businesses in detecting unauthorized access to customers\u2019 personal data.<\/li>\n<li><strong>Implement secure <a href=\"https:\/\/www.malwarebytes.com\/glossary\/bring-your-own-device-byod\">Bring Your Own Device<\/a> (BYOD) practices<\/strong>. Businesses that employ BYOD policies need to have appropriate protections in place to ensure that this is done securely and does not increase the risk of data breaches. It\u2019s important <a href=\"https:\/\/www.malwarebytes.com\/blog\/news\/business\/2017\/10\/byod-why-dont-you\">to have a clear policy and rules to enforce it<\/a>.<\/li>\n<li><strong>Report data breaches involving personal data<\/strong>. Make sure you are aware of the existing local reporting obligations in case you are the victim of a data breach involving customers\u2019 personal data.<\/li>\n<\/ul>\n<p><a href=\"https:\/\/www.malwarebytes.com\/blog\/business\/2023\/11\/10-steps-to-secure-customer-data\" target=\"bwo\" >https:\/\/blog.malwarebytes.com\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p> The Australian Cyber Security Centre has provided 10 steps for small and medium businesses to store customers&#8217; personal data securely. <\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10488,10378],"tags":[21672,30527,1001,30528,32,14563],"class_list":["post-23430","post","type-post","status-publish","format-standard","hentry","category-malwarebytes","category-security","tag-2019-data-security-incident-response-report","tag-acsc","tag-business","tag-control-access","tag-news","tag-personal-data"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/23430","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=23430"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/23430\/revisions"}],"wp:attachment"
:[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=23430"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=23430"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=23430"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}