Important Security Issues Retailers Need to Raise About Data Storage and Access Control
Retail stores own enormous amounts of data, and that data needs to be stored securely. However, before you settle on a data storage system, you’ll need to ask yourself several questions. We’ll walk you through some of the most important questions you should be asking, so that you can be confident that you’re choosing the best data storage system for your company.
What type of data will my retail business be storing, and how should it be backed up?
Before settling on a data storage solution, you’ll need to determine the type of data your business needs to store. You’ll likely have POS information, item histories, customer histories, and more. The sheer amount of data that you have will determine your storage needs as well. Spend some time thinking about the types of data you store, and how much of it there is, as this will play a huge role in how you safely store data.
Because this data is so valuable, you’ll also want to be certain that it’s backed up safely. Viruses and malware are rampant—could you afford to lose all of that information? Probably not, so be sure that you also have a robust backup protocol in place.
Which employees will have access to my retail data?
Surprisingly, the biggest data threat that any company faces is its own employees. Yes, employees are often one of the more serious security threats your data will face. Ex-employees, and even current employees, can be a threat to your sensitive information. Sometimes the resulting data breaches are entirely accidental. This means you’ll need to ask yourself who you can trust, and how much you can trust them.
How will I manage control of data access?
Next, you need to think about how employees will access and interact with sensitive data. Will they be accessing information via the cloud, and can it be accessed from any device with an Internet connection? Will the data be stored on-site, and can it only be accessed via a particular desktop or device?
Data can be stored in seemingly innocent places, too. Google Drive is one such cloud storage service, and Gmail is another. An astonishing amount of data can be compromised via these common web storage systems. This doesn’t mean you shouldn’t use them, but it does mean that you should have protocols for how the data is accessed.
Are there any government regulations that I need to comply with in regard to data storage?
Certain government regulations, like the Sarbanes-Oxley legislation of 2002, require businesses to back up and keep data that they may otherwise have deleted. The necessity of keeping this information may even play a role in determining your storage needs.
Review these laws, preferably with a trusted legal advisor, to ensure that your business is operating in compliance.
How much data are you going to archive, and for how many years?
For legal reasons, more and more businesses are backing up their data, including email correspondence, for at least five years. You don’t want to hold on to every piece of data indefinitely (unless required by law), so spend some time thinking about what you’ll archive and how long you’ll archive it for. The best practices will vary based on your business’s needs and the type of data you store.
As Visa suggests: if you don’t need it, don’t keep it.