While it’s important to properly secure any customer data, it’s especially important to secure PII because it can often come with greater consequences if compromised. For example, you could be held liable and face hefty fees if you lose PII because it is highly regulated in some industries. While this is not an exhaustive list, here are 12 key measures you should consider when protecting PII data.
1. Encrypt PII data
Complying with the specific PII data encryption requirements pertinent to your customers’ industry, jurisdiction, and technical frameworks is one of the best ways to secure PII data. Encryption helps protect your business and your customers from cybercriminals hoping to steal your data, as it makes it difficult for bad actors to decipher the information even if it falls into the wrong hands. All data has a lifecycle—at rest, in motion, and in use—so you should encrypt your data at all stages.
2. Create a strong password policy
Strong passwords are crucial to keeping your data and sensitive information safe. Strong passwords are usually at least eight characters long. They include special characters, upper case letters, and lowercase letters. Avoid using common phrases or personal information in your passwords and have a policy in place for users to immediately change their passwords if any suspicious activity is detected. You should have a unique password for every system, site, and platform and never use the same password twice.
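As an added illustration (not part of the original article), the policy above can be expressed as an automated check. The common-phrase list, the character-substitution table, and the function names are assumptions made for this example; the reuse check assumes an export from a password manager.

```python
import hashlib
import re
from collections import defaultdict

MIN_LENGTH = 8  # minimum length stated in the policy above

# Constructed sample list; a real deployment would load a much larger one.
COMMON_PHRASES = {"password", "letmein", "qwerty", "welcome", "123456"}

# Assumed substitution table so "P@ssw0rd" is still recognised as "password".
LEET = str.maketrans("@0$1!3", "aosiie")


def policy_violations(password, personal_info=()):
    """Return the policy rules a password breaks (empty list = compliant)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 8 characters")
    if not re.search(r"[A-Z]", password):
        problems.append("no upper case letter")
    if not re.search(r"[a-z]", password):
        problems.append("no lowercase letter")
    if not re.search(r"[^A-Za-z0-9\s]", password):
        problems.append("no special character")
    lowered = password.lower()
    folded = lowered.translate(LEET)
    if any(p in lowered or p in folded for p in COMMON_PHRASES):
        problems.append("contains a common phrase")
    # Personal information: user name, real name, birth year, company name...
    for token in personal_info:
        token = token.lower()
        if len(token) >= 3 and (token in lowered or token in folded):
            problems.append("contains personal information")
            break
    return problems


def reused_passwords(vault):
    """Group systems sharing one password; vault maps system name -> password."""
    by_digest = defaultdict(list)
    for system, password in vault.items():
        # Index by digest so the plaintext is not copied into another structure.
        digest = hashlib.sha256(password.encode("utf-8")).hexdigest()
        by_digest[digest].append(system)
    return sorted(sorted(group) for group in by_digest.values() if len(group) > 1)
```
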
3. Utilize multifactor authentication
Two-factor or multifactor authentication adds an extra layer of security to the standard online identification system (account name and password). With two-factor authentication, you’re prompted to provide additional verification that helps confirm your identity. For example, two-factor authentication might involve entering an SMS code that gets sent to your device or using biometric data such as a fingerprint scan.
4. Create backups
Backups are a crucial part of helping to secure your PII data. The 3-2-1 backup rule is a useful and simple place to start. This rule entails keeping three different copies of your data on at least two different media types, with one copy in an off-site location.
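The 3-2-1 rule can be audited mechanically against a backup inventory. The following is an added example, not from the original article; the inventory layout, dataset names, and the choice to count the production copy as one of the three copies are assumptions.

```python
from collections import defaultdict

# Constructed sample inventory: (dataset, copy name, media type, off-site?)
SAMPLE_INVENTORY = [
    ("crm-db", "production volume", "disk", False),
    ("crm-db", "nightly NAS backup", "disk", False),
    ("crm-db", "cloud object storage", "cloud", True),
    ("hr-files", "file server", "disk", False),
    ("hr-files", "USB drive in office safe", "disk", False),
    ("payroll", "production volume", "disk", False),
    ("payroll", "weekly tape", "tape", False),
    ("payroll", "second tape set", "tape", False),
]


def audit_321(inventory):
    """Return {dataset: [gaps]} for datasets that do not meet the 3-2-1 rule."""
    copies = defaultdict(list)
    for dataset, name, media, offsite in inventory:
        copies[dataset].append((name, media, offsite))

    findings = {}
    for dataset, items in copies.items():
        gaps = []
        # Three copies (assumption: the production copy counts as one).
        if len(items) < 3:
            gaps.append(f"only {len(items)} of 3 copies")
        # At least two different media types.
        if len({media for _, media, _ in items}) < 2:
            gaps.append("all copies on one media type")
        # At least one copy stored off-site.
        if not any(offsite for _, _, offsite in items):
            gaps.append("no off-site copy")
        if gaps:
            findings[dataset] = gaps
    return findings


if __name__ == "__main__":
    for dataset, gaps in audit_321(SAMPLE_INVENTORY).items():
        print(f"{dataset}: {', '.join(gaps)}")
```
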
5. Practice smart data disposal
Data disposal and destruction is a fundamental step to protecting sensitive information. When PII data is no longer needed for the specific purpose for which it was collected, it should be destroyed to help prevent unnecessarily exposing it to risk of being compromised. Various industries have different regulations around minimum retention times or data destruction, so make sure to work with your customers to create customized policies to properly dispose of data when appropriate. Establish a well-documented security policy and ensure your technicians fully understand the data destruction process so they know how to dispose of data securely.
6. Stay on top of updates
Updates seem like an obvious and simple step towards protecting sensitive data but keeping on top of all of them can become overwhelming when dealing with hundreds or thousands of programs and devices across an entire MSP’s customer base. Despite this potentially daunting task, failing to update devices and systems creates vulnerabilities that hackers can exploit. To help ensure you don’t miss an update or a patch, MSP patch management software—designed for this specific purpose—can go a long way in simplifying this process.
7. Establish secure remote work policies
As remote working becomes increasingly prevalent, it’s important that organizations ensure employees follow secure best practices even when they’re off-premises. For example, cybercriminals often target public Wi-Fi spots to steal PII and sensitive information. To keep your data safe, all employees should avoid using public Wi-Fi when working remotely. Secure Wi-Fi is much harder for cybercriminals to exploit and is just one easy precaution users can take when working from home or another location.
8. Offer a secure VPN
For additional security, make sure your employees are encouraged to take advantage of a Virtual Private Network (VPN) application. It will encrypt your connection to the server and allow you to access a private network while sharing data remotely via the public network. This should be a last resort if public Wi-Fi is absolutely necessary.
9. Raise threat awareness
There are three key ways a criminal can access your data with minimal effort—that is, without even needing to use sophisticated digital methods. These three ways are:
- Shoulder surfing: when a threat actor accesses your data by simply looking over your shoulder to see information on your computer screen or tablet
- Tailgating: when a cybercriminal tries to gain access to your physical location by using your credentials
- Dumpster diving: when cybercriminals go through the physical garbage of an organization in the hope of finding PII data
Encouraging your technicians and customers to be as threat-aware as possible can help decrease the chances of PII data being stolen without their knowledge. Ensuring any documents that discuss PII data are properly disposed of (for example, if it’s a physical document—use a paper shredder!) can make all the difference.
10. Practice device locking
Somewhat related to raising threat awareness, device locking is important because it assumes there is always a potential threat—especially if your device is left unattended for any period of time. For example, if you leave your laptop in the office overnight, make sure you’ve locked it so it’s password-protected before you leave. Bad actors will take any opportunity to infiltrate your device—enabling a simple auto-locking feature on a device can help prevent data loss.
11. Conduct regular staff security training
Users are often the weakest link when it comes to security. It only takes one user’s mistake for a cybercriminal to infiltrate the network. For example, phishing scams are highly preventable if you know what to look out for—but many users are unable to distinguish a sophisticated phishing attempt from a legitimate request. Conducting staff awareness training (or customer awareness training) can help better prepare your users to recognize a scam.
12. Use the appropriate tools to maximize security
There are many tools available on the market today designed to maximize an organization’s security in the face of increased cybercrime. Such tools can include firewalls, antivirus software, antimalware software, and much more. When securing data on behalf of your customers, such tools can make a big difference in allowing you to provide efficient and effective service. Taking your time to research your options and find tools that meet your specific needs can allow you to achieve a more comprehensive approach to security.
The right tools for securing PII data
With so many tools to choose from, choosing an all-in-one remote monitoring and management solution is a great option that allows you to accomplish a multitude of tasks from one dashboard. Especially as you strive to provide exceptional service, choosing a tool that compiles the power of multiple tools into one can help increase productivity and keep customers happier.
If you’re looking to get up and running as fast as possible, SolarWinds® Remote Monitoring and Management (RMM) software can help. This software provides an all-in-one suite of tools designed to help you maintain and augment your customers’ IT systems, making it easier to help secure PII data on their behalf. RMM is a powerful tool with a user-friendly dashboard that makes it easy for technicians to highlight issues and prioritize tasks. RMM includes fast remote access, patch management, managed antivirus, web protection, data-breach risk intelligence, and backup capabilities. To learn more, access a 30-day free trial.
If you’re an MSP that’s more interested in expanding your customer base and offering them powerful, customized capabilities, SolarWinds N-central® might be the better fit for you. On top of the same robust security features as RMM, N-central also offers PSA integrations, a script editor to reduce the need for coding, and layered automation capabilities to free up your technicians’ time. These all-in-one capabilities make it easier for your technicians to maximize security across your diverse customer base and help protect PII data, regardless of the industry. A 30-day free trial is available for MSPs who want to learn more.