We’ve all seen the headlines regarding the customer data breaches that have occurred in recent years at companies such as JPMorgan, Home Depot and Target. Although these examples happened electronically and with large companies, this doesn’t mean a data breach can’t happen to your funeral home. The last thing you want to see is your firm’s name on the front page of your local paper due to the theft of your customers’ data.
The topic of data breaches brings to mind an incident involving a funeral home that experienced a break-in. The funeral home’s staff was concerned the thief may have had access to their customers’ personal information. Homesteaders worked with the firm to ensure any policies issued by Homesteaders and assigned to the funeral home had adequate protection from a potential privacy breach.
Funeral homes maintain significant private data on their customers, such as addresses, dates of birth, bank account and credit card numbers, next of kin, etc. Funeral home staff members need this data to be able to serve customers, but it could become the target of identity theft if it isn’t properly secured.
Customer data needs to be secure whether you store it electronically or on paper. In addition to network firewalls, some basic methods of protecting electronic data include keeping your anti-virus software updated and requiring strong, frequently changed passwords to access data.
For data in paper format, make sure the documents are in locked filing cabinets or locked rooms with limited personnel access. Black out the beginning numbers of Social Security numbers and immediately shred documents that include credit card or bank account numbers.
If you utilize credit/debit card machines for payments, you must also be aware of the Payment Card Industry Data Security Standards, also called “PCI standards,” which are designed to ensure a secure environment for credit card information. Any entity that accepts credit or debit cards for payments (regardless of size) is required to abide by these standards. You can access information regarding PCI standards online.
Now is the time to establish a security breach plan if you don’t have one already. This should include (but is not limited to) descriptions of how you protect your data, who needs to be informed about a data breach and how you will resolve the breach. These preventative measures can go a long way in protecting your customers’ personal information.
This post has been adapted from an article that originally appeared in the myHomesteaders newsletter.