Data Security in Insecure Times
by Bob Moore
Bob’s Data Processing Tech Tips
Volume 3 – Data Security in Insecure Times
As marketing budgets get tighter, the asset that you have in your database becomes even more important. Are you or your service bureau doing everything you can to protect this valuable resource? Now that databases are much more accessible - files are emailed, PCs can store large databases and more data processing is done through the web, it may be time for a security check-up. This month, my tech tips concentrate on the all-important issue of data security.
Tip Number 1 – Back Up
The list of things that can destroy your database and access to it are endless. Hardware failures. Power outages. Computer viruses. Even plain human error. Never have only one copy of your database and never have just one way to access it. Back it up. I recommend backing up your database every day if you use it a lot and at least each time you add or delete names or do any data hygiene work. Keep one copy off site and another copy near by in case you need to restore data quickly. But keep both in a secure place. If you use a service bureau, make sure they also follow these prudent backup policies everyday. Further, your service bureau should be coding your data, not labeling it with your company name, so that someone looking to use your database will not identify it easily. And, if work is in process, the interim data files should be backed up as well. Should a hard drive crash, you don’t want to lose days of already processed work.
Tip Number 2 – Redundant Systems
Even if your data is safe, there is still the possibility that the way you access it may fail. What if your internal database administrator is on vacation? Or your service bureau folds? Or your lettershop’s system is eaten by computer viruses? You don’t want to find out the hard way that you’re not able to make a mailing date because of issues outside your control. Find a second resource that can complete your work and get you your data in a pinch.
Tip Number 3 – Verify the Back Up
This is an easy step to forget. Don’t forget to check that your backup worked and occasionally go through the drill of restoring. Think of it as a fire drill for your database and go through the process of looking carefully at your data backup and also of restoring the data on your system and your redundant systems. There’s great peace of mind in knowing that if the unthinkable happens, you not only know that your data is safe, but that you’re expert in getting it back where it belongs.
Tip Number 4 – Make Sure Lists Don’t get Mixed Up
Even if you know your data is safe and you know how to get to it in any instance, be sure that you’re using the right data. There are simple ways to keep data straight and to verify that you’ve got it right. Don’t name different lists or cells in your database “Acme Company Data”. Be specific. If you’re sending files for a merge/purge or for suppress, name them accurately and in a way that there can be no mistake. “Acme Company Do Not Mails” is less likely to be mailed than “ACMELst1”. Again, if you use a service bureau, make sure they’re even more careful. They process mailings lists for many clients. Find out what their procedures are to make sure that your data doesn’t get mixed up with another client’s.
Tip Number 5 – Verify Counts to make sure the right data is being used
One of the easiest ways to make sure your data is secure is to look at the counts off the database and any reporting you get. You wouldn’t ignore checking at least the bottom line of your bank statement each month – why wouldn’t you take the time to make sure that you still have the right number of names in your database? And that after processing, that the records came out to pretty much what you expected? A lot of data processing errors are caught when a report shows a figure that is unexpected. Don’t shrug things off – if something seems off, it’s a good time to verify processes.
Tip Number 6 – Pay attention to access
There is a reason that you don’t hand out access to your data to everyone who walks in the door. It keeps it secure. But have you kept your access up to date? And have you made sure that everyone understands that the data is meant to be kept private? Everyone who has access to your data should sign a non-disclosure agreement. And everyone who has a password to access your data should still be at your company. If you change agencies or service bureaus, ask for your data back and get written confirmation that they no longer have copies. And make sure to change passwords and access every few months and immediately if a key database employee or vendor leaves.
Tip Number 7 – Data Security from Hackers
As with any private company information, make sure your data is safe from hackers or others from outside your organization. If your network is open to the Internet or some other external network, make sure a firewall is in place and operating correctly. Firewalls not only afford security, but provide an important logging and audit function. A good firewall can be configured to report on what kinds and the amount of traffic passed through it, such as your valuable mailing list.
Tip Number 8 – Data Security through the Internet
The Internet has added a great deal of convenience to data processing. Lists fly over the Internet and arrive in record time. But is it really safe to send your data through the Internet? Ensure data security by using encryption for transferring data by email or by FTP. A current and popular method for encryption is known as Pretty Good Privacy (PGP for short). It works with email and FTP data transfers, is easy to use, and best of all, the technology to implement PGP is free – just surf the internet to download what you need. And check and double check email addresses before you send. It’s not a bad idea to cc: yourself when you send a file and also to call the person that you’re sending the data to before it goes.
Tip Number 9 – Seed names
Seed names are great. They keep honest people honest and provide a final check that your data is safe and that it is being used for the purpose you’ve set. Put names throughout your database to check for you. Don’t just use yourself and your boss at your company address. Any good direct marketer can find the seeds in your list if you do that. Make it difficult to identify seeds by putting in individuals throughout your database and throughout the country. Use unique variations of a seed’s name so that they always know when they get something from your database – like a different middle initial or a made-up company name. Have your seeds report all communications to you. If your seed in Chicago gets some mysterious mailing, a third package when you’ve authorized two or a telemarketing call when you don’t allow telemarketing on your list, you have a way to close the loop on security
Most of the time data processing goes smoothly and everyone is honest. But a bit of well-placed paranoia can bring in a safety net that ensures that disaster doesn’t hit you right where it counts.
Give us data. Get results.™ |
