By Darren Hickman.
Darren Hickman, managing director of ComplianceAssist, on what you should be looking for from your suppliers when it comes to information protection.
Today’s world has changed beyond recognition – businesses are moving to cloud-based services and many use third parties to provide support on a day-to-day basis.
With advances in technology and the drive for greater efficiency, more and more services are being outsourced – whether this is the development and support of applications or the hosting of services.
The cost benefits of these approaches are quite simple to assess, but what about the risks? Most companies are reasonably aware of their own technological safeguards, such as firewalls and encrypting their data to keep it secure.
More companies are aware of the Data Protection Act and have probably included terms in contracts with suppliers about the need to adhere to its principles. But are these safeguards just cosmetic, and how much do you really know about the security in your supply chain?
Recent cases of data loss show that fines can easily wipe out any savings made, and the black market in personal data means there are people out there who will take advantage of any weakness.
Are your suppliers putting you at risk, whether intentionally or unintentionally? And how can you ensure that their systems and procedures are stringent enough to protect your business and your customers’ business?
1. Who is accessing your systems?
Those providing support will need to access your systems from different locations, by different users and from different computers. Make sure, when you give access to your systems in any way, shape or form:
That each user has their own user ID and password, and that strong passwords are enforced. This lets you know who is accessing your system and ensures that access is kept secure. One generic ID and password, stored in a place open to many of your supplier’s employees, is like an open door to your data.
That access to your systems is not left open, giving access to anyone, when authorised users are away from their desks and computers.
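The two points above are checkable from the access records you already hold, not just from the supplier’s assurances. The following is an added example, not code from the article or from ComplianceAssist: it reads a constructed login/logout log (the line format, account names and addresses are all invented for the example) and flags two things. An account with overlapping sessions from two different source addresses is a sign that one generic ID is being shared, and a session that runs past a maximum duration, or is never logged out at all, is a sign that access is being left open.

```python
"""Flag shared supplier accounts and sessions left open in access records.

Added example. The log format below is an assumption for illustration:
    <ISO-8601 UTC timestamp> LOGIN|LOGOUT user=<id> src=<address>
Real systems will need their own parser, but the checks are the same.
"""
from __future__ import annotations

import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

# Constructed sample records; none of these accounts or addresses are real.
SAMPLE_LOG = """\
2024-03-04T09:00:12Z LOGIN user=vendor_support src=203.0.113.5
2024-03-04T09:05:40Z LOGIN user=vendor_support src=198.51.100.23
2024-03-04T09:20:00Z LOGOUT user=vendor_support src=203.0.113.5
2024-03-04T09:30:00Z LOGIN user=a.smith src=203.0.113.5
2024-03-04T09:45:00Z LOGOUT user=a.smith src=203.0.113.5
2024-03-04T10:00:00Z LOGIN user=b.jones src=198.51.100.7
2024-03-04T17:00:00Z LOGOUT user=vendor_support src=198.51.100.23
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>LOGIN|LOGOUT) user=(?P<user>\S+) src=(?P<src>\S+)$"
)
# Assumed policy values for the example: "now" is the time the analysis runs,
# and any session longer than this should have been closed.
SAMPLE_NOW = datetime(2024, 3, 4, 18, 0, 0, tzinfo=timezone.utc)
MAX_SESSION = timedelta(hours=4)


@dataclass
class Session:
    user: str
    src: str
    start: datetime
    end: Optional[datetime] = None  # None means the user never logged out

    def end_or(self, now: datetime) -> datetime:
        """Treat a still-open session as running until 'now'."""
        return self.end if self.end is not None else now


def parse_ts(value: str) -> datetime:
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def build_sessions(log_text: str) -> list[Session]:
    """Pair each LOGIN with the next LOGOUT for the same user and source."""
    open_sessions: dict[tuple[str, str], Session] = {}
    sessions: list[Session] = []
    for line in log_text.splitlines():
        match = LINE_RE.match(line.strip())
        if not match:
            continue  # skip lines that do not fit the assumed format
        ts = parse_ts(match["ts"])
        key = (match["user"], match["src"])
        if match["action"] == "LOGIN":
            session = Session(match["user"], match["src"], ts)
            sessions.append(session)
            open_sessions[key] = session
        else:
            session = open_sessions.pop(key, None)
            if session is not None:  # a LOGOUT with no matching LOGIN is ignored
                session.end = ts
    return sessions


def find_shared_accounts(sessions: list[Session], now: datetime) -> list[tuple[str, str, str]]:
    """Return (user, src_a, src_b) for sessions of one account that overlap
    in time but come from different source addresses: one ID, two people."""
    by_user: dict[str, list[Session]] = defaultdict(list)
    for session in sessions:
        by_user[session.user].append(session)
    findings = []
    for user, user_sessions in by_user.items():
        for i, a in enumerate(user_sessions):
            for b in user_sessions[i + 1:]:
                overlap = a.start < b.end_or(now) and b.start < a.end_or(now)
                if a.src != b.src and overlap:
                    findings.append((user, a.src, b.src))
    return findings


def find_long_sessions(sessions: list[Session], now: datetime,
                       max_duration: timedelta) -> list[tuple[str, str, str]]:
    """Return (user, src, start) for sessions open longer than max_duration,
    including those never logged out at all."""
    return [(s.user, s.src, s.start.isoformat())
            for s in sessions if s.end_or(now) - s.start > max_duration]


def analyse(log_text: str, now: datetime, max_duration: timedelta) -> dict:
    sessions = build_sessions(log_text)
    return {
        "sessions": len(sessions),
        "shared": find_shared_accounts(sessions, now),
        "long": find_long_sessions(sessions, now, max_duration),
    }


if __name__ == "__main__":
    report = analyse(SAMPLE_LOG, SAMPLE_NOW, MAX_SESSION)
    for user, src_a, src_b in report["shared"]:
        print(f"shared account? {user} active from {src_a} and {src_b} at the same time")
    for user, src, start in report["long"]:
        print(f"session left open: {user} from {src} since {start}")
```

In the constructed sample, vendor_support is active from two addresses at once, which is exactly the generic shared ID the text warns about, and both that account and b.jones have sessions running well past the four-hour limit. The same two checks can be run over whatever login and logout records your own systems produce before you rely on a supplier’s word that accounts are individual and sessions are closed.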
2. How protected is your data?
Make sure you only allow relevant staff to see your data.
Know who is storing your data. Does your supplier download any of your data and do they need to?
If they store your data, make sure devices are encrypted so that the data cannot be read if a computer, laptop or USB stick goes missing.
Is data ever printed off? If so, is it shredded immediately after use and kept safe when being used?
Find out where your data is being accessed from. Is it a secure office or the local coffee shop? Ensure that any work outsourced or contracted out by your suppliers is done from secure sites.
If they provide a hosted service, are their servers secure? Are they in a secure location, and have they undergone independent testing to ensure there are no security holes?
3. How well do they know their staff?
Keeping your data secure means making sure that the people dealing with it are trustworthy. All the encryption will mean nothing if someone intentionally downloads and sells your data. Have employees been involved in identity fraud, money laundering or other crimes that could make them a higher risk?
4. Is their office secure?
Likewise, check that suppliers’ offices are secure. Making sure that no one else can access your data while it is on their premises is as important as checking the people who are working with your data.
5. Have they ever been cyber attacked?
If suppliers use their own computers to connect to your systems and data, check that they have anti-virus, firewalls and the like in place. Check whether they have ever been infected by viruses and, if so, find out to what extent and what processes have been put in place to rectify matters and make their systems more secure.
6. Where does the supply chain stop?
Ask your suppliers whether they are outsourcing anything and, if so, how well you are protected by that company. Make sure every step in the chain is secure and checked.
Asking these questions and knowing the risks is the first step in protecting your business and your clients. However, once you have these procedures in place, how do you ensure they are being followed consistently and continuously?
Make sure your suppliers undertake regular checks and annual audits so that standards and processes have not slipped and are keeping pace with new technologies.
As businesses grow and take on more and larger clients, offering a secure supply chain can give your business a competitive edge with a prospective client and show that you take their business and their assets seriously.
Darren Hickman is managing director of ComplianceAssist, a specialist provider of customer screening