follow us on twitter @elitebizmag find us on facebook connect with us on linkedin google+ page

The inside threat

Written by David Hathiramani on Wednesday, 04 September 2013. Posted in Cyber security, Technology

Offering a good level of customer service and staff satisfaction is the first step to keeping your data safe and secure, says David Hathiramani

The inside threat

The other day, I was chatting to a fellow entrepreneur about his database. His business is a proactive sales-based enterprise, where the relationship between the company and the customer is largely a personal one between the employee and their client.

An obvious question I asked was “how do you prevent your data from being taken and therefore the employees setting up on their own?” As this was a relatively small business, the systems weren’t sophisticated, and, in fact, most of the work was done on Excel spreadsheets. The answer to my question was that there wasn’t any technical protection, and any salesperson with the intent to steal the data could do.

At A Suit That Fits, we’re in a slightly different situation. We started our tailoring business from a technological point of view. Our business changed from manual processes involving Excel to more slick processes and databases as soon as we showed signs of scaling seven years ago. We now feel that our back-end systems and processes are the most advanced in the tailoring industry. This all helps us deliver to our customers as seamlessly as possible.

However, in order to look after our customers well, our staff need access to our customers’ data. Our team need to email our customers when their order is ready, or give them a call to find out how they are enjoying their garment. We have to allow our staff access to this data.

In fact, as we can see from the Bradley Manning or Edward Snowden cases in the US, organisations both big and small have the same problem: how do you prevent employees stealing data? 

 

Only grant access that is needed

You don’t have to give full access to every aspect of your business to everyone. Instead, plan access around what individual staff members need. This is a little more hassle than just giving access to everybody, but you can always grant access when requested, and this is a preventative measure. When designing new systems, you should ensure that ‘access control’ is considered during the building of it.

 

Restrict downloading

Many systems allow you to download reports and data. If at all possible, it is best to restrict this functionality to very trusted team members. Downloading a report to Excel and emailing it through a personal email address would be a tempting route to any would-be data thief.

 

Logging views of customer data

With any customer data, it’s always good (for a number of reasons) to log when your staff have viewed them. When designing and building a system, bear this logging in mind. The business can retrospectively look at suspicious activity or alternatively be warned if suspicious activity is happening.

 

Create dummy records

This is referred to as “seeding”. The idea is that your database has dummy records inserted with realistic looking records where the telephone number/email address is actually owned by the company. If they are ever used, then the business knows that it is a result of data theft. Remember to inform your staff about this, so it adds a layer of prevention.

 

Have clear contracts

You never want to go down the route of enforcing a contract if you can avoid it, but having a strong contract clearly stating that data theft is a breach can be a preventative measure. A good employment solicitor can help with the phrasing of this, and it is a comfort to know that you have good legal protection if the worst was to happen.

 

Recruit well

This is an obvious but often overlooked, avoidance method for data theft. Before we started A Suit That Fits, I worked as an IT Manager for a recruitment business. Recruitment consultants were taken on board who had previously worked for other agencies. Some of these recruitment consultants came with the promise of existing clients or candidates. Do your best to avoid these types. If they have stolen from a past business, then their moral bar is low enough to steal from you.

 

Build a great business

It sounds like a cliché but it helps to focus on creating a great business that utilises its data intelligently, rewards its staff for doing well, is ethical and ensures that customers are looked after well. This way, the probability of somebody having the will to steal your customer data should be far lower. After all, if they are rewarded for utilising the customer data well in your business, then why would they think about using it in another business?

At A Suit That Fits, while we have systems for preventing this kind of activity, our main focus is always on rapidly and constantly improving our business to ensure that we are the best place for new and returning customers to buy from, as well as an enjoyable and rewarding place for our staff to work. If we continue this focus, we hope it will be our biggest protection. 

About the Author

David Hathiramani

David Hathiramani

He may be co-founder of trendy suit retailer A Suit That Fits, but Hathiramani is also something of a closet geek. And the Imperial College Computing graduate is here to impart some of his wisdom about setting up an internet business.

Comments (0)

Leave a comment

You are commenting as guest.


Proud Partners

Strategic Media Partners

Event Media Partners