Data security is a hot topic these days and for a good reason. Every week the news carries a story about a breach of consumer information.
According to the Identity Theft Resource Center, there were nearly 9,000 data breaches from January 1, 2005, through May 10, 2018. Those breaches exposed more than 1 billion consumer records. Far worse, the Breach Level Index counts 9 billion lost or stolen records since 2013.
These stats are alarming. Most businesses have some data about customers, from names and addresses to Social Security numbers, credit card numbers, and passwords. These cybersecurity criminals are targeting a variety of companies; it’s not limited to one industry or even one type of information.
Your Business is Liable
Sometimes the threat is from within. According to Heimdal Security, “59% of employees steal proprietary corporate data when they quit or are fired.”
But some company managers aren’t worried; they don’t keep a lot of consumer data, so they feel safe. But here’s the catch: you can be held liable for data breaches by your vendors and third-party service providers. You can also be held responsible for your cloud storage providers. Most contractual agreements do not pass liability to the company managing your payroll, your cloud storage, or your collections. This means your company’s reputation and possibly millions of dollars are at stake.
Questions to Ask Your Third-Party Vendors
If you work with a third-party agency for collecting unpaid or overdue bills, here are some questions to ask to help make sure your customer data is as safe as possible.
- Are your vendors committing to best practices by investing in third-party audits? Cybercriminals are experts at what they do; it takes another expert to know how to protect against these crimes. Make sure your vendors strive to be as safe as they can through external and internal audits of their practices.
- What are your vendors’ policies for record storage and keeping? Even the simplest thing — like someone leaving a form on his desk and walking away — could lead to a data breach. Do employees have access to records while at home or from personal laptops?
- Does your vendor carry cyberliablity insurance? Such policies were once a nice-to-have for those of us in collections. Now, it’s necessary! Many companies should also carry this policy, which is not typically included in other business insurance. If a cyberattack or breach occurs, you’ll need to spend time and money to make changes, restore information, and compensate people for losses.
While we aren’t likely to stop cybercriminals completely, we must strive to protect ourselves and our customers as much as we can. If you use a client portal, read more about security in that area.