4 Ways to Prevent a Customer Data Security Breach

Share This Article

0 0 0 0 0 0

Capterra Affiliate Linking Policy

Capterra’s blogs aim to be useful to small business software buyers. Capterra participates in vendor affiliate, referral, and pay-per-click programs where available. This means after a content piece is written by our researchers, our affiliate manager converts existing mentions of vendors into affiliate links where possible and adds PPC links where appropriate. When readers click on those links, sometimes we make a small commission and when they make purchases, sometimes we earn an affiliate fee. That said, we do not accept free products or services from vendors in exchange for mentioning them on the site.

No Capterra blogs or blog posts are sponsored by vendors; further, our writers independently choose which vendors to cover and what to write about them. In fact, most of our writers are unaware of Capterra’s affiliate relationships.

If you have any questions about Capterra’s affiliate policy, including our impartiality or how to get your affiliate links on our editorial content, please email cathy@capterra.com.

A data breach dang near tops the list of unpleasant customer experiences. Customer Service done right should have access to a unique wealth of customer data, so it’s vital that teams take pains to keep that data secure.

Customer Data Security

From Target and Sony to state government websites to health insurers, no business or entity is exempt from cyberattacks. Here are four ways to help prevent a customer data breach.

Look Inward

You’ve decided who’s going to take charge of security. Your CIO or head of IT are natural candidates. Whoever it is, they have the responsibility, and authority, to make final calls on all hiring, vendor, and process choices which directly impact information security.

That authority is important to keep decisions centralized. A 2012 Brocade survey indicated that over a third of respondents had deployed cloud services without IT involvement. This is because team leaders think of IT as slowing the process down, and don’t understand the value-add of evaluating compatibility and security of cloud services.

For smart companies, Customer Service makes it rain. So smart companies ensure that the IT needs of Customer Service have high organizational priority. If you’re not seeing the movement and speed you’d like to, resist your “rogue deployment” urges and instead better communicate priorities to IT, and up the chain if necessary.

Get Buy In

At Forbes, Jacob Morgan advises companies to give the CIO a seat at the table. “In many occasions the CIO will report several levels down from the chief executive.”  A 2014 Ponemon Institute report showed that 31% of IT security teams don’t speak to company executives. This causes unnecessary confusion as IT doesn’t know what to prioritize, and executives don’t know why IT is prioritizing the way it does.

Security is very important, but it’s not any business’ only focus. Any balance will be based on incomplete information if stakeholders aren’t talking.

Be Choosy

Steve Durbin of the Information Security Forum predicted in late 2014 that vendor security would be an increasing challenge for overworked IT security teams in 2015. The data breaches at Target and Home Depot were accomplished through a third-party vendor. Last year’s highly publicized Snapchat leak (nicknamed “the Snappening”) only affected users who’d installed an insecure third-party plug-in.

This is why it’s important to run software by IT. Your security is only as strong as your weakest link. Third-party vendors which can access customer data must meet certain minimum data security standards.

Questions to ask a third-party vendor:

  • What are your access and security protocols?
  • Are you in compliance with corporate or government data/customer privacy rules?
  • What’s your data loss protection protocol?
  • What safeguards exist in SLA?
  • What’s the plans when we want to move data to another provider?


The less information you have floating around, the less likely it is to end up somewhere you don’t want it. It’s important to discriminate when you choose who has access to what data.

Whatever vendor you choose, be sure to create settings which restrict access to just the information necessary to make the partnership work.

For customer service software, SSL is default, and is definitely a requirement. Beyond that, some providers, such as Zendesk, allow you to restrict access so agents only see their own accounts.


Making sure someone is responsible for preventing a customer data breach, getting buy-in for best practices, being careful to ensure only people who need it have access to data, and scrutinizing vendors carefully will help you prevent a costly customer data breach.

What are you doing to keep your customers’ data safe? Let us know in the comments!

Looking for Help Desk software? Check out Capterra's list of the best Help Desk software solutions.

Share This Article

About the Author

Cathy Reisenwitz

Cathy Reisenwitz helps B2B software companies with their sales and marketing at Capterra. Her writing has appeared in The Week, Forbes, the Chicago Tribune, The Daily Beast, VICE Motherboard, Reason magazine, Talking Points Memo and other publications. She has been quoted by the New York Times Magazine and has been a columnist at Bitcoin Magazine. Her media appearances include Fox News and Al Jazeera America. If you're a B2B software company looking for more exposure, email Cathy at cathy@capterra.com . To read more of her thoughts, follow her on Twitter.


Thank you for this post, Cathy!
In my opinion for the companies that have critical information assets there are 6 basic steps to prevent a data breach:
– Stop incursion by targeted attacks
– Identify threats by correlating real-time alerts with global intelligence
– Proactively protect information
– Automate security through IT compliance controls
– Prevent data exfiltration
– Integrate prevention and response strategies into security operations

You sound knowledgeable! Let me know if you’d like to write a guest post on the topic.

Comment on this article:

Your privacy is important to us. Check out our Privacy Policy.