There’s a wealth of regulation within the world of information technology - from the way data is stored, to the ability to access it. Is this a challenge that you or your clients face?
From eCommerce to telemarketing, data protection affects almost every business. Data now has to be stored in such a way that it isn’t accessible from outside the company network. This means that users from outside the business don’t have any access to see, edit or transfer it in any way. There’s a large amount of misinformation here, but even users going home and telling their spouse about their clients at work could breach data protection if vital information is shared, such as financials or any identifying details. As an MSP you can show knowledge in this area by identifying possible breaches and methods of addressing the challenge. It could be in the form of a quick online webinar or blog, or it could be encrypting user data correctly. By showing strength in this area to businesses, you prove that you understand the laws and are willing to address any potential issues.
MSPs that we’ve spoken to have all stated that email management is one of the biggest challenges they face when working with their clients. Moving users to a secure environment is easy. What isn’t easy is ongoing maintenance and the archiving of emails whose sensitive content could become noncompliant in the future. Users can be a headache here: sharing sensitive information, such as client interactions or even usernames and passwords, is a huge potential security risk. ISO 27002 is information security guidance that describes how emails should be stored and managed, while ISO 15489 covers records management regardless of structure or form in all types of business. Ensuring that your clients are aware of just how important it is to remain compliant with their emails will prevent any future data loss or compliance breaches.
GDPR changed the way a lot of businesses were able to operate. The regulation covers data privacy and how data is obtained and used by businesses. There’s also a huge amount of regulation around how customer financial data is stored. For example, a user’s personally identifiable information needs to be kept separate from their bank account or credit card details. The intention of this is to cut down on fraud and identity theft. Many times in the past, if there was a breach, the hacker had access to everything they’d need in one sitting. These newer regulations mean that the two sets of data are encrypted in separate locations, which makes things far more difficult for those with malicious intent. GDPR has made businesses more aware of what they can and can’t do with customer data. For example, if you purchased data previously, there has to be a genuine reason for the business to own it, and you can’t contact people via phone, email or other methods without genuine cause. This data also must be protected and must not be sold on or be accessible by other businesses.