Welcome to the New Regulated Normal
The tide is shifting when it comes to customer data. While organizations covered by HIPAA or FERPA are used to dealing with the security requirements that come with those laws, new general privacy laws are starting to enfold other industries. GDPR and the new California Consumer Privacy Act both include strict protections for their citizens’ data, no matter where it’s handled in the world.
That means, regardless of your business model, if you serve customers from the EU or California (and likely soon to be many other locales), your organization is now going to be on the hook for protecting them. It’s no longer just a question of lost reputation and business in the event of a breach. Now hefty fines, mandatory reporting costs, and other new expenses are hitting the bottom line.
Documents, Files, or Voicemail…It’s All Data
Digitization of records is a huge potential win for expenses, storage space, and efficiency…but it does mean that physical locks are no longer sufficient for keeping things safe. Any form your customers’ information takes in your care could potentially be covered by these new regulations, so steps should be taken to protect it from prying eyes.
Be Aware of Both Internal and External Threats
Cybersecurity publications often focus on external aggressors: hacks, phishing attacks, ransomware, and other threats. These are all serious risks that need to be taken very seriously, but it’s important not to forget about the possibility of internal problems, both intentional and accidental.
Even the most well-meaning employees can make mistakes, and the news is full of stories covering the results. For example, grabbing the wrong file resulted in twelve CDs mailed out containing the driver’s license, birthday, and social security numbers for the entire electorate of the State of Georgia. This incident, dubbed “Peachgate” showcases how just a few seconds of accidental carelessness can lead to a major problem.
Everything in your security protocols should be examined with ease of use in mind, both to prevent mistakes and intentional circumvention by employees who feel these policies are “too much of a hassle.” Implementing strata of access can also help contain exposure in the event someone’s credentials are compromised.
Send and Store Information Securely
Just because information is in a recorded sound file doesn’t mean it’s not subject to these laws. Storage and access protocols should keep voicemail in a controlled environment, where outside devices (like cell phones) access it without downloading it. That way if a device is lost or stolen, its access can be cut remotely. When exploring Unified Communications solutions, be sure to choose solutions built with “security by design” and that offer Secure Voicemail functionality.
When it comes to transferring documents, to be blunt, email doesn’t cut it. It’s a very convenient communication tool, but it is inherently insecure. Physical media transfers are an alternative, but also carry with them a host of issues. Expensive, unpredictable shipping and a risk of loss or theft are chief among them.
A proper secure communications solution should pair solid security with a level of intuitive design that makes sending and receiving documents and files easy. Fax is the de-facto standard for many industries. A strong Fax over IP (FoIP) solution brings modern conveniences and record-keeping to this venerable medium, while substantially reducing costs.
If your organization instead needs to transfer files of different sizes or formats, or wishes to communicate with the public without forcing them to track down a fax service, there are a range of secure file transfer services and portals available on the market. Many of these are rather arcane in their design, and/or require software downloads and training to use. While that’s fine for communications with those who use them regularly, they can be serious barriers for less common contacts.
It’s important to know what such a solution can do for you, and how much time it’s likely to add to workflows, before signing a contract. There may be easier-to-use options out there.
Now’s the Time to Evolve Your Communications
Upgrading the security, efficiency, and ability to audit your document/file communication systems can be done quickly, affordably, and without a major overhaul to your systems infrastructure. Scandals are driving a global trend towards tighter privacy requirements under the law. Now’s the time to prepare your organization before an expensive breach happens.