Boivin suggests that rental businesses need to invest in software that manages user rights in multiple dimensions to control employees' access to sensitive data. "It must offer both security and flexibility," he says. "[Rental businesses] also need physical access and Internet policies and procedures in place. The SaaS offering allows them to take advantage of high security of data at a low price."
Nguyen points out that some effort also needs to be put into effectively managing your staff. "It doesn’t matter what security measures are in place by the SaaS providers; there must be a good foundation at the rental company. One of the biggest areas of data theft occurs from within the organization. Have a process or plan in place to make sure any employee who is terminated does not have access to data once they are let go."
Some additional practical suggestions for protecting your business data include physically protecting your server by locking it in a room instead of having it under the front counter or a desk, Shaffer suggests.
Also, "Use disk level encryption on laptops and any removable devices such as flash drives. This will ensure that even if stolen, data on these devices cannot be used," says Shaffer. "Destroy old backup tapes, DVDs, CDs, etc. and use an Internet service to automatically make backups."
Saint advises that individual businesses should refrain from storing customers' credit card numbers in their own system. "We offer a credit card processing service through [a third party] which sends us an encrypted account ID instead of the actual credit card number. This way, we don't have customers' credit card numbers in our system."
Lastly, Shaffer suggests using strong passwords, i.e. 10 to 20 characters that are not common words and contain symbol characters such as @, ? and $.
As more and more rental businesses build mobile websites and apps to enhance their availability to customers, businesses need to be aware of the potential effects this can have on the security of their business and those of their customers.
"The number one thing to remember is to take security seriously from day one of the development process," says Shea. "This may seem obvious, but it’s not happening right now with a lot of mobile development - in part because security hasn’t been a priority in the rush to launch this functionality. As a result, mobile apps and sites are becoming vulnerable targets for cyber criminals."
He continues, "It’s not much different from what happened with personal computers early in their market explosion. There was a period where hackers had a field day until software security caught up. Why repeat that cycle? And with mobile technology, there is the added risk of alienating customers if your app or website exposes them. The novelty of being able to connect to you 24/7 from a smart phone will wear thin very quickly for a customer whose private information is compromised."
Nguyen agrees, adding, "As the industry moves toward Web 2.0 sites, we find that companies are rushing to add new, cool features and often leave security as an afterthought. Businesses need to remember the importance of securing their data to protect their customers and their own reputations."
Boivin points out that rental businesses should take care to ensure that data don't reside on the personal device. "In case data get lost, the content should be deleted with a quick and simple procedure. The access to customer information, in particular, should be highly secured as it could damage the business' reputation and lead to loss of customers if accessed by unauthorized persons. Businesses should regularly audit access to websites to ensure compliance to security policies."