{"id":23323,"date":"2018-08-02T07:54:32","date_gmt":"2018-08-02T11:54:32","guid":{"rendered":"https:\/\/www.kaspersky.com\/blog\/?p=23323"},"modified":"2019-11-15T06:34:49","modified_gmt":"2019-11-15T11:34:49","slug":"customer-data","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com\/blog\/customer-data\/23323\/","title":{"rendered":"Who has access to your customers’ information?"},"content":{"rendered":"

Do you know who has access to the data your customers entrusted to you? Are you absolutely sure you know? Can you be sure your employees are handling this data properly while working with it? Nowadays many online tools and cloud<\/a> services help simplify in-team data exchange \u2014 but simplification of exchange can lead to complication of data protection.<\/p>\n

What can go wrong? In a word, everything. Most problems come down to common mistakes: someone sends corporate data to personal e-mail to work from home; an employee uploads data to a file-sharing service to be able to access it while traveling; the team works with an online version of a document that can be accessed from a direct link; cloud services are misconfigured. According to our recent survey, \u201cGrowing businesses safely: Cloud adoption vs. security concerns,\u201d 58% of SMBs use various public-cloud-based business applications to work with customers\u2019 data.<\/p>\n

Don\u2019t forget about classical pre-cloud-era mistakes, either. Working with data on personal unprotected mobile devices, or carrying it on removable media that can be lost or stolen, remain popular ways to put customer data at risk. Others include disposal of printed copies of that information into common trash, or allowing access to the information by unauthorized employees.<\/p>\n

Potentially, that data can be used by different parties \u2014 competitors, disgruntled employees, cybercriminals \u2014 to harm you in a variety of ways such as tarnishing your reputation or holding data for ransom.<\/p>\n

Keeping and processing your customers\u2019 data safely requires not only robust protection that extends to the cloud, but also certain internal measures. Businesses that operate in Europe and fall under the jurisdiction of GDPR should already be familiar with the concepts. However, they still need to keep in mind that the information they need to protect is not necessarily limited to \u201cpersonal data.\u201d<\/p>\n

To be sure that the information your clients entrust to you will not fall into the wrong hands, you need to know what data you are working with, which employees have access to it, how it is processed, and how it is disposed of. Get started by:<\/p>\n