Security breaches are all over the news. How do you make sure your company doesn’t make headlines?

In late 2006, KeyCorp, one of the nation’s largest bank-based financial services companies, notified several thousand customers that private information about them – which may have included Social Security numbers – leaked out when a laptop was stolen from an outside vendor’s vehicle. And that’s just one of the many recent instances of customer data theft that are filling the news. You need to collect your customers’ and prospects’ data for your marketing efforts. But losing data to theft not only hurts your customers, it also affects your company’s public image and impacts your marketing efforts, too.

The best way to mitigate such a marketing disaster is to make sure it never happens in the first place.

But wait: Isn’t this a matter for IT folk? In part, yes. But as guardians of a company’s public image, marketers need to get involved as well. After all, if a breach were to occur at your company, repairing the damage would certainly fall, at least in part, to the marketing department. So it certainly behooves a marketer to help prevent such an event from happening.

How to do that? Here are five steps your company can take now to stop security breaches from happening:

1. Lock down your laptops
Fifty-four percent of data breaches in the last six months of 2006 occurred because of theft or loss of computer hardware like hard drives, laptops or USB sticks, according to Zulfikar Ramzan, senior principal researcher for Symantec Security Response. Most of the advice for preventing this kind of breach is common-sense: Laptops should not be left in cars if they contain any sensitive data. People should also be encouraged to lock their offices when they leave, and always keep their thumb drives in a secure place.

2. Encrypt your hard drives
You may think that encrypting your customers’ data will keep thieves at bay, but Paul Henry, vice president of technology evangelism at Secure Computing Corp. of San Jose, Calif., recommends encrypting a company’s hard drives as well. If any part of the hard drive on a particular computer is accessible, thieves can scan the drive to create a dictionary of words and phrases. Since people often use words and phrases that are familiar to them as passwords, the thief can launch a “dictionary attack” against your encrypted customer data, using software that cycles through your keywords in search of a working password. Thwart such dictionary attacks by encrypting your hard drives in their entirety.

3. Make sure your vendors are secure, too
All the security in the world won’t protect you if your vendors are vulnerable. “We make sure our vendors have appropriate security programs and that they follow privacy laws and regulation,” says Mike Monroe, KeyCorp’s chief communications officer. It’s hard for you to prevent a thief from making off with one of your vendors’ computers, but holding vendors to privacy safeguards like encryption and virus protection will keep your customers’ data as safe as possible.

4. Create a feedback loop
Your business operations are in constant flux, so your security measures need to evolve with them. Make sure that someone in your organization is conducting regular internal reviews to determine how your business has changed and what you need to do to keep your customer data secure based on that change.
For example, maybe your business has expanded onto another floor of your office building, or into another location entirely. Those ongoing reviews form the spine of your feedback loop. “It’s a self-improvement plan,” says Randy Sabett, partner in the Information Security and Internet Enforcement Practice Group at Sonnenschein Nath & Rosenthal LLP. “The notion is to have a way of revising your security policy in response to changes to your normal operations.”

5. It was here a minute ago…