How To Secure Data When You Outsource Tech Support
Today, it seems like important business data is always at risk.
As businesses grow the need to outsource also grows, but there are usually concerns about data security especially when outsourcing tech support.
Outsourcing exposes you to compliance problems, liability questions, hacking events, and a host of other legal entanglements that can derail your company. Data theft—regardless of how it’s done—can cost your company millions.
The challenge is finding a way of safeguarding your data.
We’ve worked with businesses throughout the world to handle tech support and we’ve developed best practices to ensure data remains secure.
The best practices described below will help you safeguard data cost-effectively when outsourcing tech support.
1. Review Current Security Policies And Procedures
Before reaching out to a potential vendor, organize your current policies and procedures. This will make it easier for the potential partner to understand your business and any potential security issues that may arise.
During this process we find that most companies usually find a few potential holes or issues in the data security.
If you don’t have security policies, develop them if you can or at least get started organizing information so you can work with a partner to create the policies. Include data classification with the policy.
Distinguish between common and sensitive data and how to handle each type of data. Work with your team to develop standards and guidelines that work for all internally.
2. Principal of Minimal Usage
Adhere to the principal of minimal usage.
This principal provides access privileges to users only to the extent they need it to do their jobs. If someone needs to work with 15 files, make sure she doesn’t have access to all your files. Have a means to monitor and enforce material exceptions.
The principle of minimal usage is about balance. You want to empower the techs you work with to give your customers the best possible support, but when it comes to high-security data it’s important to ensure that only the highest-level techs have access to the data.
This protects your customers, your company and the techs from making mistakes with the data.
3. Select the Right Service Provider
Check out the service provider thoroughly when looking for tech support.
Speak with the vendor’s team and judge their understanding of your products / services / technology. Make sure that their company vision is aligned with yours. If there is match in values and ethics the rest will fall in place.
Look for these and other signs that the provider can handle the type of data you’re working with at your company.
Make sure it has a strict security policy with tight hiring practices. Make sure it enforces its security policy to the fullest extent. Paramount is its USB device guidelines. Make sure the vendor has specific controls that prevent copying data to these devices or a way to disable access to the devices altogether.
Also check out there support levels.
4. Monitor Outbound Internet Traffic
It’s difficult protecting data recorded in Microsoft Excel files—one of the industry’s most vulnerable file formats—but these dangers pale in comparison to the risks e-mail and downloads present. Review the service provider’s ability to monitor outbound Internet traffic.
5. Conduct Security Audits
Conduct two types of audits—an application/database security audit and regular network security audits. Conducting both is critical. The audits unearth issues with applications, databases, and devices on a network serving them. They also unearth potential vulnerabilities.
6. Review Prevention Technologies
Specific areas you want to inquire about regarding prevention are data flow control, policy enforcement, and employee adherence to security policies. Also check to see if your service provider has a way to prevent files with sensitive data from being copied and/or e-mailed.
Following these best practices will help minimize risks—and costs—data theft brings.
In our experience, these and other best practices do the best job of preventing security issues.
Does your company outsource business processes?
What are some of your best practices for securing data?
We’d love to hear your thoughts in the comments.