The internet consists of approximately 1 billion websites and counting. Every second, approximately 6,000 tweets are tweeted; more than 40,000 Google queries are searched; and more than 2 million emails are sent. With so much of our information out there on the web, it’s important to make sure that online companies you work with are secure.
How do you do this? What should you look for? How can you ensure that your students’ and clients’ data remains confidential?
Here are just a few questions to ask when choosing a business to work with:
#1 Are their employees trained in security processes and principles?
It’s important for all employees to be trained in data security. Training covers how to handle sensitive data, how to send and receive it safely, how to keep computers and laptops safe, best practices when using email and social media, and many other topics.
#2 Do they have a system in place to keep information, computers and networks safe from cyber attacks?
With all of the cyber activity these days, it’s important that anyone you work with has tools in place to protect against cyber attacks. There are many tools available to protect against such attacks: firewalls, DDoS attack mitigation, and web application security. Find out what the companies you work with have in place to protect your data.
#3 Do they control the physical location where their information is stored?
Desperate hackers have gone so far as to hack into a system through the actual physical location. Are there controls in place to protect the physical building where your information is stored? Are there codes on the doors? Do employees use door passes or badges? This is especially important if sensitive data is stored in physical, paper files.
#4 Do they employ best practices for payment procedures?
If payments are taken over the phone or digitally (via a website or payment page), are best practices being used to ensure that sensitive data is secure?
#5 Do they limit which employees have access to data and information?
To keep data secure, it’s best to allow access only to the people who need it. Limiting access is one way to promote security. Do the companies that you work with limit access? Does everyone have access to secure data or just the people who need it?
The good news is that if your vendors have a security certification, you can rest assured that an external company has reviewed their protocols and processes to make sure that they are handling data in a secure way. Basically, if they have a certification, you can say “yes” to the previous five questions with confidence.
There are many different security certifications out there, depending on what kind of data you need to keep secure. For example, PCI compliance is specifically for payment information. If your vendor is accepting payments online, they should be PCI compliant.
Other common security certifications include SOC 1, SOC 2, HIPAA/HITECH, HITRUST, ISO, and NIST.
When choosing who to work with, it’s important to ask these questions and pay attention to their certifications. This information can usually be found on their website, but if you have any questions, don’t be afraid to reach out and ask them directly. Your privacy and security are important!
Good news for those who work with 3rd Mil Classrooms! We are PCI compliant and SOC 2 certified. You can rest assured that your data will be protected!