What do Verizon, SunTrust, Equifax and Delta Airlines have in common? They’ve all been the victims of recent data breaches that have cost their respective companies millions of dollars trying to contain the damage.
While most large companies spend millions of dollars annually implementing technology and systems to fight against data breaches, the cause of compromised customer information is often the result of a simple oversight by an individual employee.
At Servicing Solutions, protecting customer information is a major part of our robust compliance function…something that is at the very core of our business model. While we have comprehensive systems in place and utilize the industry’s best technology, we also place a great focus on some simple—yet highly effective—rules for each and every employee.
When considering how to best protect your customer’s information from being breached, think beyond technology and complex systems and require that each employee do the following:
- Shred sensitive paper documents – All paper documents containing sensitive customer information should be shredded daily.
- Lock computers – Every time an employee steps away from their computer, even if just for a few moments, it should be locked. Employees need to be reminded that they are ultimately responsible for what takes place on their computer, and even being away from it for a short time can have disastrous results.
- Do not share passwords – Passwords are what ultimately protect an individual employee from having their computer accessed. No employee should share their passwords at any time, even with those colleagues they trust inherently.
- Clean desk daily – A clean/clear desk can greatly protect paper documents that contain sensitive information. When leaving their desk for a break or at the end of the work day, all documents should be kept in locked drawers or offices. Leaving documents face down on your desk on in an in-tray is not a sufficient way to protect company or customer information.
- Employee-Owned Devices – Consider your policy for employee-owned devices. At Servicing Solutions, the use of these devices is strictly prohibited in work areas. Not only are they a workplace distraction, but they can be used to capture, store and misuse sensitive company and customer information. You may consider allowing such devices to be used in break-rooms or outside of the building.
- Reporting Suspected Breaches – Employees need to understand that reporting a suspected data breach—immediately—is their responsibility. This includes the theft or loss of company owned devices such as laptops, cell phones, desktop computers, or tablets. Have a clear procedure that makes it easy for employees to report a suspected breach, whether through a dedicated phone line or to an identified person at your company.
Enforcing these simple policies, in conjunction with your broader compliance strategies and technologies, is an absolute prerequisite for any company, large or small, that has access to sensitive customer information.