Sponsored By

4 ways to keep personal data locked down

In a recent study on data breaches, the No. 1 type of information stolen by far is a password. Here are ways operations can keep data on the lockdown.

Angel Abcede

May 16, 2016

2 Min Read
FoodService Director logo in a gray background | FoodService Director

If you think hackers want your customers’ credit card numbers, think again. In a recent study on data breaches, the No. 1 type of information stolen by far is a password. Second are emails and third are usernames.

Cyber criminals can take information accessed through this kind of personal data and apply for a wallet full of fraudulent credit cards, say officials with Conexxus, the Alexandria, Va.-based tech advisory arm of convenience and fuel retailing association NACS.

“Living in the cyber-connected world, data can quickly and easily transmit anywhere at any time,” says Jarod Downing, CFO of Ricker Oil Co. in Anderson, Ind. Knowing where data resides leads to ways to protect it.

1. Payment data

What:  Credit- and debit-card numbers, including “track data” found on magnetic-stripe payment cards.

Where:  Point-of-sale, higher-end personal ID number pads, electronic payment server, back-office computer, company network and central database or server. Other devices with network access also could view data.

Ways to protect:  Make sure all devices have application control capabilities to “white list” programs. This allows only predetermined programs to operate. Other tactics include data encryption and segmenting the payment network.

2. Loyalty, marketing and sensitive data

What:  Information collected to run loyalty programs and communicate special promotions and internal information on pricing, sales and strategies.

Where:  POS, PIN pads, network, back-office computers, employee laptops and mobile devices and corporate servers.

Ways to protect:  Firewalls, passwords, employee training, limited access and strong authorization processes in place. Protect data via encryption, and use automated solutions.

3. Employee info

What:  Data needed to hire, schedule, train, review and pay employees.

Where:  Back-office computers, network and corporate servers.

Ways to protect:  Secure in the same ways as loyalty programs and business-sensitive data, implementing strong authorization models and strictly limiting access.

4. Third party

What: Information a third party would hold regarding people’s personal data, including customer and employee information or sensitive operational data.

Where:  On third-party computers, networks, devices and servers.

Ways to protect:  Write contracts stipulating security requirements, ask for certifications, demand proof of security claims and use vendors with strong reputations for maintaining high security standards.

A version of this story appeared in the April issue of CSP magazine, FoodService Director’s sister publication.

About the Author

Angel Abcede

Angel Abcede is the former senior editor at CSP magazine, covering industry trends, investigative topics, technology and tobacco. His 25-year history with the channel fortifies his perspective and motivates him to seek out what's relevant, innovative and telling. 

Subscribe to FoodService Director Newsletters
Get the foodservice industry news and insights you need for success, right in your inbox.

You May Also Like