• by Mary C. Long , Columnist, February 25, 2016

It’s terrifying, but there’s no way to guarantee the security of your data – total immunity is impossible. But protecting customer data is a huge responsibility, so you have to try – your users won’t forgive you if you don’t. 

Secure from both sides

You know exactly who your employees are, but most people who access your site aren’t employees, they’re customers – and chances are you don’t know who they are at all. While online anonymity isn’t inherently bad, not knowing who’s using your service is a serious issue.

User verification was once cost-prohibitive and uncommon in the entertainment industry – with the exception of adult entertainment sites, which have historically used it to prevent minors from uploading or broadcasting. Verification is also common with invoicing and accounting software – Due.com employs it to keep users’ financial information watertight. But as costs come down, with services like Trulioo starting at just $19/month, other entertainment brands would be wise to invest.

User verification protects you against potential lawsuits by making sure everybody who uses your service is legally allowed to do so. Trulioo uses “data sourced from either a utility or government issued database that is enhanced and updated with other source files such as public data, change of address, postal data, property data, and data pooling with other organizations” in addition to consumer, credit, watch lists, and electoral roll data. 

This citizen data allows you to block troublemakers before they enter your system. If people won’t tell you who they are, what are they hiding? Having a Netflix account isn’t scandalous. Using Spotify isn’t scandalous. It’s only fair that your customers are as open about their identity as your brand has to be about theirs.

Just because you can’t think of a way to hack into a system by viewing a website, it doesn’t mean a criminal can’t. And as you can’t protect yourself against something you don’t understand, verifying users makes sense – hackers work underground, and don’t link attacks to their own name and address.

It’s not always an attack

While they might not have any government secrets on their servers, big entertainment brands like Netflix, Hulu and Spotify have vast volumes of customer data to protect –and if that gets leaked, the damage can be crippling. It doesn’t even have to be a targeted attack like it was for Sony. A simple cache error is enough to cause chaos.

At Christmas, gaming platform Steam suffered a glitch that jumbled user data, allowing gamers to view others’ account information and purchase history. As important details were encrypted, the panic was short-lived, but consumers don’t shop with brands they don’t trust. If Valve (the company behind Steam) didn’t have such a good relationship with consumers – keeping communication lines open and updating honestly as the situation progressed – users wouldn’t have been so forgiving. 

While you can’t predict technical glitches, you can put safeguards in place. This makes damage control so much easier. Steam was able to reassure users by explaining that the exposed data “did not include full credit card numbers, user passwords, or enough data to allow logging in as or completing a transaction as another user.” If they didn’t have this “good news” to share, customers would have jumped ship.

Replace your employees with AI 

I'm kidding, of course – but while people are a business’s greatest asset, they’re also its greatest weakness. Whether it’s through bribery or hacking an e-cigarette, the easiest way into a super-secure computer network is via the people who have access to it.  

So, what can you do? 

• Set up two-step authentication for all employees

• Make sure software can only be installed by the IT department

• Prevent employees from plugging unauthorized devices into company equipment (that includes smartphones, fitness trackers, and mysterious USB drives found in the parking lot)

• Make sure all unattended computers lock automatically

Online entertainment consumers are generally a computer-savvy bunch – they understand that total security is impossible, and they take an informed risk when they use your service. But while they won’t take a data breach personally if you have sufficient security measures in place, they won’t be so forgiving if you don’t.