What Questions to Ask Your Vendors About Data Security

Data security – one of the most prevalent topics in today’s headlines. As company after company like Delta and Best Buy are struck by onslaughts of data breaches, it is clear that there is a new reality – that everyone is at risk of having data compromised. With that being said, it is important to remain proactive at mitigating and identifying any risks that your company may face, and that includes doing a full examination and assessment of the vendors that your company employs.

When it comes to data security, it can tend to get complicated quickly. But to start, there a few important questions to ask your vendors, even if you’ve already begun to work with them and have fostered a strong relationship. Smart and well-prepared partners will always be ready to answer data security questions, like the following:

Do you store my customers’ data? If so, how are you keeping it secure?

The first (and quite possibly) the most important question – do you (the vendor) store my data? It’s always important to understand what your third-party partner does with a customers’ information. These vendors should always be able to provide a full run-down of safety protocols and procedures – and should be able to explain how all of these assets are protected. Is information redacted? Encrypted? Stored in-house? It’s always a good idea to be proactive and understand how these vendors safeguard your information.

Because of the increased concern around security and privacy, many of our clients have become wary of third-party partners that store large amounts of customer data. Compromised data leads to a loss of consumer loyalty, bad press, and a decline in revenue, which is detrimental for growing businesses. This makes working with partners that do not store consumer data a safer and more responsible option and should be the preferred choice for partnerships.

How up-to-date are your security features and how often do you update your security protocols?

If you’re in 2018 but you’re working with a vendor with security features from 2015, you’re already looking at a red flag. Antiquated or outdated security measures open the door to vulnerability and exploitation by cyberhackers. It may be self-explanatory, but it is crucial to ensure that your vendors are always up-to-date with their security features and protocols.

Certain certifications (like the PCI DSS certification) and other security policies are vital for protecting your company and your client’s data – so vendors should always be able to provide evidence of any necessary security standards that your company may need. Certifications that include yearly audits and rigorous testing procedures are the ones to look out for, as they will ensure that your third-party partner is always up-to-date with their security.

What are your physical security assessments?

The base of security starts with a company’s physical security and their employees. Because many companies tend to rely on systematic technology security measures, physical security is often viewed as an afterthought. Some important things to note about physical security are: whether or not your vendor does background checks on their employees, whether or not they have physical security setups on-site, and being able to determine which employees have access to certain types of data. Physical security should include (but is not limited to) video surveillance, security awareness trainings for employees, specialized keys and access control cards, and encrypted storage devices. If companies fail to invest and set up appropriate physical security measures to protect their data, they set themselves up as a susceptible target for cyberhackers and data breaches.

At SmartAction, protecting our clients is high priority. Because we understand the possibility of potential cyberattacks and data leaks, we take steps to ensure that we are not at risk of having information stolen. We never store sensitive personal information such as credit card or bank account numbers, protected health information (PHI), or social security numbers, on behalf of our customers. If we collect sensitive data during a call, we will immediately and securely hand it back to our customer’s back-end systems through an encrypted channel, and then delete it from memory. Our security protocols are always up-to-date and we are a PCI-certified company, meaning that our systems are audited yearly to ensure compliance.

To find out more about how SmartAction is changing the call center industry with our omni-channel solution and the use of data, check out our webinar!