Security Market Segment LS
Thursday, 19 January 2023 23:00

How to secure your customers’ personally identifiable information against compromise

By M-Files

The challenge of securing customer information has never been more apparent. Organisations are failing to appropriately protect their customers’ data, leading to financial loss, reputational loss, and legal issues. Securing personally identifiable information (PII) is especially challenging for larger enterprises as they often store significant volumes of data across multiple repositories, which numerous stakeholders use.

No matter how businesses use their customer data, they are responsible for protecting it under the Privacy Act 1988 (Privacy Act). Furthermore, if an Australian business has European customers, they are also required to protect PII under the general data protection regulation (GDPR).

M-Files director of security and compliance Saara Hasu-Varttila said, “Businesses of all sizes have adopted data loss prevention (DLP) best practices and strategies to minimise risk. However, those with a DLP strategy should understand that it isn’t a surefire way to stop data loss. Instead, organisations should consider implementing a document management solution that classifies and separates customer data from business-critical data so it can be appropriately managed to maximise protection.”

As data breaches involving PII and private data gain momentum, businesses must consider implementing the following five best practices:

1. Discover and classify PII

Data discovery and classification are often-overlooked components of an organisation’s DLP strategy. As the name suggests, data discovery tools scan applications, networks, and endpoints for PII, which is then classified into sub-groups by tagging the data. This approach makes it easier to track data and ensures businesses have complete visibility into PII across their entire environment.

2. Only collect and store what’s necessary

Another way to protect PII is to limit as much customer information as possible and only collect what’s necessary. Companies must also take reasonable steps to destroy or de-identify the data they hold once it’s no longer needed for its primary purpose, for example, outdated employee records, lapsed customer records, and PII found on unused devices.

3. Enforce a least-privilege policy

The principle of least privilege (POLP) enhances the security of an application, network, or technology environment. Implementing the least-privilege model limits users’ access rights and provides only enough access to perform the required task. With defined access permissions, there is less risk of an attack or user error.

4. Avoid data silos

Data silos may seem harmless, but they’re essentially magnets for cybercriminals and can lead to significant data vulnerabilities. When data is stored in different places, businesses can lose track of where their data is and may not even realise they’ve had a data breach. By eliminating data silos, organisations can use data more effectively and better comply with data privacy regulations.

5. Leverage real-time monitoring

Real-time monitoring is more than just a routine exercise. With a smart document management platform, companies can take advantage of automated background services that increase data security by constantly checking for new files and information. It can also flag suspicious activities across the entire environment that are potentially insider threats.

Data breaches are reaching an all-time high and affecting businesses of all sizes. Recent high-profile data breaches on leading insurance and telecommunications providers are prime examples of just how exposed customer information is and the damaging effects that occur when it falls into the wrong hands.

Saara Hasu-Varttila said, “It’s imperative for organisations to review current personal information handling practices and ensure they have a robust data breach response plan. And, while not all businesses are required to comply with Australian or European privacy laws, they must appropriately collect, handle, and store the PII and private data they hold to cultivate customer trust and minimise the risk against external threats. With the right document management solution, organisations can proactively discover and classify PII, gaining insight into the data they hold and the steps they need to take to manage and protect it effectively.”


Read 1222 times

Please join our community here and become a VIP.

Subscribe to ITWIRE UPDATE Newsletter here
JOIN our iTWireTV our YouTube Community here


Hybrid cloud promises to bring together the best of both worlds enabling businesses to combine the scalability and cost-effectiveness of the cloud with the performance and control that you can get from your on-premise infrastructure.

Reducing WAN latency is one of the biggest issues with hybrid cloud performance. Taking advantage of compression and data deduplication can reduce your network latency.

Research firm, Markets and Markets, predicted that the hybrid cloud market size is expected to grow from US$38.27 billion in 2017 to US$97.64 billion by 2023.

Colocation facilities provide many of the benefits of having your servers in the cloud while still maintaining physical control of your systems.

Cloud adjacency provided by colocation facilities can enable you to leverage their low latency high bandwidth connections to the cloud as well as providing a solid connection back to your on-premises corporate network.

Download this white paper to find out what you need to know about enabling the hybrid cloud in your organisation.



It's all about Webinars.

Marketing budgets are now focused on Webinars combined with Lead Generation.

If you wish to promote a Webinar we recommend at least a 3 to 4 week campaign prior to your event.

The iTWire campaign will include extensive adverts on our News Site and prominent Newsletter promotion and Promotional News & Editorial. Plus a video interview of the key speaker on iTWire TV which will be used in Promotional Posts on the iTWire Home Page.

Now we are coming out of Lockdown iTWire will be focussed to assisting with your webinars and campaigns and assistance via part payments and extended terms, a Webinar Business Booster Pack and other supportive programs. We can also create your adverts and written content plus coordinate your video interview.

We look forward to discussing your campaign goals with you. Please click the button below.


Share News tips for the iTWire Journalists? Your tip will be anonymous




Guest Opinion

Guest Reviews

Guest Research

Guest Research & Case Studies

Channel News