Almost every company today has access to considerable quantities of sensitive
information regarding their customers. As a result, it has become critical to
have the proper controls in place that fully protect customer data and company
information. Even the slightest data breach can lead to irreparable damage to a
company's reputation, as well as leading to lawsuits or regulatory fines.
It starts with taking a global view
While the term "identity theft" has become synonymous with the thought of computer hackers, the truth is that that there may be vulnerabilities within your own operations that frequently lead to accidental privacy violations-which can be equally damaging. The risk of data loss through the Internet is obvious, but the security risks that are involved with people taking work home via laptops, portable USB devices, etc. can be overlooked. In this regard, important considerations include whether you have a system in place (and a policy) that ensures your employees are shredding all sensitive documents or have limited access to sensitive data.
Some questions to consider when determining how well your utility is identifying and tackling the risks of data loss include:
How the questions are answered may make it immediately clear what the necessary next steps should be.
Finally, certifications count
Many utilities have chosen to outsource their document processing, distribution and billing solutions to a reputable third-party provider certified in operational excellence and security. If that is the path your company chooses, it is important to ascertain if the third-party provider is independently certified in the industry standards mandatory to security compliance.
The top three certifications to ask about are:
Protecting and ensuring compliance for every business today is more than a full-time job: it requires 24/7 monitoring of all data, networks and internal processes. The security of your data should be priority-one and it is important to implement the proper protections, whether internally or by partnering with a third-party provider. Without these fundamental controls, there is a definite opportunity for data to be unmonitored, leaving a utility open to a multitude of risks that with the proper planning and processes can be averted.