Many companies are taking advantage of the lower costs and efficiencies associated with outsourcing business processes offshore. Companies that choose to offshore work must be cognizant and tenacious in their efforts to protect personally identifiable data at all times. Failure to secure that data can significantly damage trust and reputation in the event of a breach.
1. Absolutely no data stored outside of the United States!
2. Have a paperless environment and a documented clean desk policy with clear implications for violations.
Items not allowed in work areas should include:
- Cell phones
- iPads, iPods, or similar MP3 devices
- Data storage devices
- E-book readers
- Smart watches
- Writing instruments
3. Minimize the ability to manipulate or store data by utilizing thin clients connecting to a Virtual Desktop environment located in a secured data center in the United States.
4. Eliminate the ability to manipulate, reproduce or store data locally.
- Disable USB interfaces.
- Disable storage.
- Disable copy/paste in applications.
- Disable printing capabilities.
6. Do not allow any form of external email, incoming or outgoing.
7. Limit Internet access to approved, work-related sites only. Block access to external email sites (e.g., Gmail and Hotmail), chat, messaging and pasteboard sites.
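One way to verify that item 7 is actually enforced, as an added example that is not part of the original post: this Python script audits web proxy log lines and reports every request the proxy allowed to a host that is not on the approved list. The log format (`<user> <action> <url>`), the user names, the hostnames and the allowlist are all constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed allowlist of approved work sites (assumption, not from the post).
APPROVED = {"vdi.example-corp.test", "*.crm.example-corp.test"}

# Constructed proxy log lines in the assumed format "<user> <action> <url>".
SAMPLE_LOG = """\
agent17 ALLOW https://vdi.example-corp.test/login
agent17 ALLOW https://eu.crm.example-corp.test/cases/42
agent22 ALLOW https://mail.webmail-provider.test/inbox
agent22 DENY https://paste.pasteboard-site.test/new
agent31 ALLOW https://crm.example-corp.test.lookalike.test/
agent31 ALLOW https://VDI.Example-Corp.test.:443/
agent40 ALLOW notaurl
"""

def normalise_host(url):
    """Return the lowercase hostname without port or trailing dot, or None."""
    try:
        host = urlsplit(url).hostname
    except ValueError:
        return None
    return host.rstrip(".").lower() if host else None

def is_approved(host, approved=APPROVED):
    """Default deny: exact match, or a '*.' entry matched on a label boundary."""
    if host is None:
        return False  # unparseable destinations are never approved
    for entry in approved:
        if entry.startswith("*."):
            # Compare against ".crm.example-corp.test" so that neither
            # "evilcrm.example-corp.test" nor a longer lookalike suffix matches.
            if host.endswith(entry[1:]):
                return True
        elif host == entry:
            return True
    return False

def audit(log_text, approved=APPROVED):
    """Return (user, url) pairs the proxy allowed although the host is off-list."""
    findings = []
    for line in log_text.splitlines():
        parts = line.split(maxsplit=2)
        if len(parts) != 3:
            continue  # skip malformed lines
        user, action, url = parts
        if action == "ALLOW" and not is_approved(normalise_host(url), approved):
            findings.append((user, url))
    return findings

if __name__ == "__main__":
    for user, url in audit(SAMPLE_LOG):
        print(f"policy gap: {user} reached {url}")
```

Any finding means the proxy rules are looser than the approved list and should be tightened.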
While the preceding “best practice” options are not all-inclusive, they provide an industry-accepted framework that results in a highly secure data protection plan for an offshore operation, whether it be an internal operation or the operation of an outsourced provider.
This blog was authored by CBE’s Security Team.