Is your business protected on a digital front?
Every day, each of us puts information out into the universe via the internet. It may be on our computer, iPad, Android phone, or... dishwasher? Not all information is equal, but privacy is a right all of us have, and we rely on corporate America to protect that right every day. Some firms take a nonchalant approach to their data and security, and if you are not dealing in sensitive information, that might be OK. But it’s not OK when your personal information is at stake.
It is always interesting to take stock of the concerns that are most recent. For instance, for those of us in Florida and Texas, a few weeks ago many of us were thinking about our disaster recovery plans. How sound are they? Will they work as designed? BUT NOW, just on the heels of those monumental national tragedies, many of us are taking steps to ensure our private data, including that of employees and clients, is held in the strictest of confidence, without leaking, and protected by the virtual equivalent of Fort Knox!
So how do you know your internal data is secure? How do you know your vendors or clients have not been breached? What vulnerabilities exist within our own businesses, and with our vendors?
The books on data security could fill a small library, and there is no shortage of good IT personnel to help in this area (although they might be charging more now). I am interested in sharing tips to help ensure you, as a business owner, are taking steps to evaluate your vendors. How do you identify those vendors that may have “holes” in their systems or processes where you could be exposed?
Let’s start with some basics.
Ask for the Audit - Request a security audit or an SSAE16 report (an external report identifying that all processes are stable and will not cause financial harm or inadvertent access to systems). These reports are great tools for organizations and a terrific first step in the fight against abuses of privacy. If you work with a vendor that does not have such audits, consider looking for a new partner. We are always excited when we are asked for our SSAE16 report because it represents the seriousness of the client’s commitment to data security.
Data Transmission - Do your partners allow you to correspond with them securely, or is it simply over email? (Email is not necessarily secure and can be easily hacked.) At Questco, we send almost all documents out through a secure connection, requiring a registration from our clients to access such information.
Evaluate the Insurance - Many years ago it was not necessary to carry things like “Business Interruption” insurance or “Cyber Security” policies. Times have changed, the world is getting more unpredictable, and criminals are looking for new ways to get their hands on some money. It is important that you ask both yourself and your vendors whether the coverages are in place that may respond to such catastrophes. Taking these policies seriously is another great sign that someone is thinking clearly about the security and well-being of their business.
Our clients task us with protecting their proprietary information every day. We are committed to the infrastructure and HRIS systems that have the highest level of security and privacy. I only hope all HR service providers share our commitment. Dangerous waters are ahead, and all of us have to continue to think about ways to be ahead of the cyber criminals, install state-of-the-art technology, and continue to be vigilant in our approach to security.
President and CEO - Questco Companies