A data breach dang near tops the list of unpleasant customer experiences. Customer Service done right should have access to a unique wealth of customer data, so it’s vital that teams take pains to keep that data secure.
You’ve decided who’s going to take charge of security. Your CIO or head of IT are natural candidates. Whoever it is, they have the responsibility, and authority, to make final calls on all hiring, vendor, and process choices which directly impact information security.
That authority is important to keep decisions centralized. A 2012 Brocade survey indicated that over a third of respondents had deployed cloud services without IT involvement. This is because team leaders think of IT as slowing the process down, and don’t understand the value-add of evaluating compatibility and security of cloud services.
For smart companies, Customer Service makes it rain. So smart companies ensure that the IT needs of Customer Service have high organizational priority. If you’re not seeing the movement and speed you’d like to, resist your “rogue deployment” urges and instead better communicate priorities to IT, and up the chain if necessary.
Get Buy In
At Forbes, Jacob Morgan advises companies to give the CIO a seat at the table. “In many occasions the CIO will report several levels down from the chief executive.” A 2014 Ponemon Institute report showed that 31% of IT security teams don’t speak to company executives. This causes unnecessary confusion as IT doesn’t know what to prioritize, and executives don’t know why IT is prioritizing the way it does.
Security is very important, but it’s not any business’ only focus. Any balance will be based on incomplete information if stakeholders aren’t talking.
Steve Durbin of the Information Security Forum predicted in late 2014 that vendor security would be an increasing challenge for overworked IT security teams in 2015. The data breaches at Target and Home Depot were accomplished through a third-party vendor. Last year’s highly publicized Snapchat leak (nicknamed “the Snappening”) only affected users who’d installed an insecure third-party plug-in.
This is why it’s important to run software by IT. Your security is only as strong as your weakest link. Third-party vendors which can access customer data must meet certain minimum data security standards.
Questions to ask a third-party vendor:
- What are your access and security protocols?
- Are you in compliance with corporate or government data/customer privacy rules?
- What’s your data loss protection protocol?
- What safeguards exist in SLA?
- What’s the plans when we want to move data to another provider?
The less information you have floating around, the less likely it is to end up somewhere you don’t want it. It’s important to discriminate when you choose who has access to what data.
Whatever vendor you choose, be sure to create settings which restrict access to just the information necessary to make the partnership work.
Making sure someone is responsible for preventing a customer data breach, getting buy-in for best practices, being careful to ensure only people who need it have access to data, and scrutinizing vendors carefully will help you prevent a costly customer data breach.
What are you doing to keep your customers’ data safe? Let us know in the comments!
Looking for Help Desk software? Check out Capterra's list of the best Help Desk software solutions.