Theory & practice: The best ways to look after sensitive data

By Henry Brown

As we start to gather customer data and look at how best to use it, we need to be acutely aware of the impacts of misusing this information. As we develop our business, we can find that our relationship with the customer can sour because of the simplest mistakes. Ultimately, we have to care for the customer in every way, not just during our interactions with them. This means looking after sensitive information in the best possible ways. So how can we do this? Well, it’s all about adequate security.

Keep only the necessary information

We have to think about what would happen if hackers infiltrated our systems and stole this data. It’s far better for us to implement damage control and keep the information that is truly necessary for us. After all, the more information we have, the more we need to protect. Many companies save more information than they need, especially if they are working hard at developing a relationship with the customers. But if a data breach happens, you are, in essence, leaking your customers’ habits, choices, as well as highly sensitive information like bank details. It benefits the customer as well your business to only save the information you actually need. There is no point getting anything additional, and if you need extra information, for the time being, you need to get rid of it after you’ve used it.

Plan and prepare

We need to be ready for all eventualities. While so many small businesses find themselves chasing their tail, especially as far as the financial aspects are concerned, if you find yourself suffering from some sort of data breach, this may mean additional fines and loss of trust. It’s far better for us to have a plan in place way beforehand, not only so we can deal with the issue but to minimize any fallout. There are so many approaches we can undertake, but it all goes back to one thing, the structure. If we don’t have the right infrastructure in place, we end up suffering. It’s far better to take inspiration from those around us and look at what is successful. There are numerous resources to learn from, notably the Gartner MDM Magic Quadrant Report, as well as your peers and mentors. It’s a very difficult thing to implement, especially when you have little time and money, but it’s going to save your business.

Teach employee responsibility

Despite how much you value and trust your employees, it’s important to teach them not just the art of taking responsibility for their work, but also what to do if they suspect a colleague of committing fraudulent acts. This isn’t showcasing how we distrust our employees; having internal controls is common sense. It happens so much, an employee spends a long time with the company, getting their feet under the table, and becoming a valued member of staff, only for them to be caught stealing or operating some underhanded scheme for years on end!

As far as sensitive information is concerned, we must remember that our employees need to know how to guard against it loss via hackers, but also how to spot the signs that someone right next to them could be doing something fraudulent. It’s good common sense to teach our employees responsibility, not just for their work, but for the business. It’s your responsibility to cascade the relevant information in a manner that is easy to digest so your employees can get on with their day. It’s not just about a random email every now and again!

Store documents adequately

It’s not just about cyber-attacks; it can be as much about physical documents. Either way, we have to implement an adequate security system for the storage of both. There are numerous cloud storage services available for a monthly fee but when it comes to physical documents, you also want to be strict with your security measures. A locked room or filing cabinet is essential, but depending on the nature of the information, you may only want to allow certain people access. Or you may want to step up your security by installing digitized keypads where only certain people know the code. In addition to this, think about documents disposal. It’s not just about putting them in the garbage; ensure that you have a shredder on site, and this process of destroying data should be second nature to all the employees.

Have an inventory

As data can be stored across numerous platforms, from the cloud to flash drives and various computers, this makes for an easy transfer of information, but the more devices you have on-site, the higher the chance of the data falling into the wrong hands. Having an inventory where you know exactly what information you have it any one time and what devices they are on can seem like overkill, but if the time comes where you suffer a data breach, you’ll be able to locate the weak link in the system, and you may even identify the culprit if it’s done from within.

As there are so many ways a business can be infiltrated now, that means we really have to step up our game. Protecting information isn’t just about understanding what a phishing scam looks like, nor is it about having padlocks on every filing cabinet, but it’s a swift combination of technology as well as theory in practice. It’s far better to have these emergency protocols in place if something was to happen, and if we end up being on the receiving end of a data breach, we can find it a short-term hindrance, but at the very least, we’re able to keep everything intact, and won’t lose trust with the customer. This is why we need the best practices to look after sensitive information.


Henry Brown is an online marketing executive. When he isn’t talking shop, he’s roaming the streets of London, uncovering the extra-ordinary in the ordinary.


Leave a Reply

The Self-Employment Survival Guide can help you succeed. Learn all about it here.

Self-Employment Survival Guide book cover