By: Jo Hall (FSSA™ CFP®DipFP BApplEcon), Managing Director, Qwrk Outsourcing
As mentioned in one of my previous blogs, I recently asked for questions for those who have never outsourced, and for experiences for those who have.
A significant concern that was brought up early on (and which I completely agree with) relates to Cybersecurity. Thanks to Tom Hartvigsen CFP® for raising this valid concern!
In the same post, I also encouraged you to ponder over two specific things:
- You need to think beyond simply Cyber, and think about Information Security—of which, cyber is a subset. (Please check out my previous post for this challenge).
- Cybersecurity is just as relevant for outsourcing ONSHORE as it is OFFSHORE.
Today, we will consider my second challenge to your thinking: Onshore or Offshore – the Cyber risk is real!
I will let you in on a secret — data breaches can, and do, occur EVERYWHERE. Regardless of where your team members are located, data security risks are data security risks.
So, making sure that your outsourcing provider has considered all of the risks to your client’s information is imperative.
In some contracting relationships, your onshore provider may in fact pose a higher risk than an offshore provider.
Why?
Because as a single or smaller operator…
- they simply may not have considered Business Continuity;
- they may not have ensured that only relevant staff have access to relevant information that they need to do their jobs (privileged user access);
- or they may in fact not have a Data Breach policy.
If you haven’t asked your provider about how they manage your and your client’s data, then now is the time to do so!