Reports for 2020 are revealing a disturbing yet not totally unpredictable trend for cybersecurity in a post-COVID world. With more than half of the American workforce still working remotely at least part of the time, businesses of all kinds remain at a heightened risk of cyberattacks and data breaches. This growing threat landscape has government organizations, like the FTC, once again urging businesses to take a more active role in protecting consumer data.
According to the latest Verizon Data Breach Investigations Report, 89% of breaches last year were financially motivated. Knowing this, it’s not surprising that healthcare and finance were also at the top of their list of impacted sectors. Consumer data plays a critical role in day-to-day operations for these industries, and so does consumer trust. Another study from 2020 found 59% of consumers actively avoid businesses that have been involved in a cyberattack. This means successful breaches have financial repercussions that linger long after the initial cost of recovery and liability for those whose data was impacted.
To further complicate the matter, there’s a growing concern over data breaches as a result of faulty security by third-party partners. In the first quarter of this year alone, nearly half of the data breaches for the healthcare sector were a direct result of a third-party relationship. This puts extra strain on decision-makers to ensure the quality of not only their internal security protocols but also those of any vendors, a task that presents a number of challenges.
In a Consumer Protection hearing prior to COVID-19, the FTC identified a common misconception that often leads businesses astray when it comes to examining security standards:
Compliant does not mean secure.
Many organizations conflate compliance with security and build their security strategy around the minimum regulatory requirements. This fails to recognize the evolving nature of cyberthreats and how greatly varied each organization’s data environment can be. Security programs must be tailored to the unique needs of the business, the type of data that is housed, and any means of access.
When choosing to work with a third-party organization, you must be careful not to fall into the same trap. Aside from illustrating compliance, a potential partner should be able to provide evidence of an active security program designed to change with the threat landscape. This means furnishing current certifications for meeting security standards as well as proof of regular auditing procedures.
Professional Credit takes consumer data protection seriously. We have a high-level security program that includes periodic auditing and manual penetration testing so our clients can rest assured the reputation of their organization is never at risk. We are proud to be one of very few collection partners to participate in the SOC 2 Type II audit, which assesses not only the security systems in place but the organizational structure that manages them. This audit and respective certification illustrate the ability of our security protocols to pass an independent evaluation and meet Trust Services Criteria.
To learn more about Professional Credit’s data security program, visit this page or contact us directly.