Equipped with on-the-go devices such as laptops and smartphones, distributor sales representatives are more efficient and productive than ever. Unfortunately, the same equipment, which can store limitless amounts of data, can also expose jan/san distributors to a new world of security risks.
Risky Business
Distributor sales reps now have remote access to such valuable intellectual property as company financials, client lists and proprietary forms. Keeping this data secret is imperative.
It is also important to safeguard data for legal and ethical reasons. More than 40 states have privacy laws that require businesses to protect private information. And following a series of high-profile security breaches at large retail corporations and financial institutions, customers are more reluctant to hand over personal information. Business-to-business relationships have been similarly affected by security fears.
"Sometimes you can't avoid placing confidential information in the hands of outsiders," says Jim Kelton of Altius Information Technologies, Inc., an IT security audit and security consulting firm in Santa Ana, Calif.
As soon as a mobile device (and the data stored on it) leaves a distributor's building, it becomes a security risk.
"These devices leave the protective perimeter and controls within the office building," Kelton says. "Without security protection on the device, the device itself and the data on the device can be compromised."
Most distributors understand the potential for physical risks such as loss, theft or damage. In fact, most companies have insurance policies to protect financial investments in equipment. What businesses are less likely to consider and prepare for, however, are the threats they can't see, such as viruses, eavesdropping and pirating.
Replacing a laptop is expensive, but losing valuable data to a hacker can also be pricey. Security breaches not only cause headaches, they can also lead to a loss of customer trust, the termination of important contracts, and even costly lawsuits.
Simple Steps To Safety
Protecting a company's sensitive information can be achieved in only a few steps according to IT experts.
First, distributors should assess the data they collect and where it is stored. The Federal Trade Commission takes a broad view of what constitutes personal information and so should distributors. Social security numbers are clearly sensitive data but so is a last name combined with an address or phone number.
Any computer, laptop, flash drive, cell phone and other equipment that houses (or could house) personal data should be outfitted with firewalls, encryption software or other appropriate security measures.
The second step is to protect customers by collecting from them only the information that is absolutely needed. If there is no legitimate business reason to collect a social security number or bank account number, don't. Gathering less data reduces a distributor's liability and eases customers' concerns.
"We try to focus on managing what access each of our employees have, ensuring that they are only able to view information that they need to and in that way we can contain and manage the security of our data," says Mark Newhouse, CEO at Laymen Global in Edison, N.J.
Next, take proper precautions when disposing of laptops, USB flash drives and other mobile devices that may contain sensitive information. Private information can remain even after being "erased," making these devices a goldmine for identity thefts and other criminals.
Simply "clearing" a device of its contents isn't enough. The item must be "wiped" or have a "hard reset" as directed by the product manual. When in doubt about whether a device has been safely and securely scrubbed of its contents, contact the item's manufacturer for guidance.
Another key element of protecting information is a written plan that prepares employees for potential security problems. Prepare policies for every conceivable incident, from a lost laptop to hacker theft — and then conduct frequent training on the rules.
"Security risks always worry me and are hard to completely eliminate," says Mike Norton, information systems administrator for Kalamazoo, Mich.-based Ship Pac Inc. "We have a technology policy, which outlines how the company expects employees to use company-owned technology. Everyone signs an acknowledgement annually. It doesn't eliminate the risk but it keeps our loss to a minimum."
Distributors that don't have the time or knowledge to create a security policy, particularly for newer mobile devices, can find customizable templates online.
Security Measures
Data theft can occur in multiple scenarios, so, distributors must take secure measures to ensure valuable information is being properly guarded.
Data theft can happen when an unauthorized person sneaks a peek at an employee's computer screen (on an airplane or at a coffee shop, for example). To prevent this scenario, consider investing in privacy screen filters that narrow the viewing angle on laptops so data is only visible to someone directly in front of the screen.
Likewise, be wary of WiFi hotspots. Many laptops and smartphones automatically detect wireless access points but cannot differentiate between legitimate hotspots and rogue devices. Advise employees to ask proprietors which network is correct before connecting. Choosing the wrong one can allow a hacker access to data.
Data encryption is one of the best ways to keep information secure. Passwords on mobile devices can protect the integrity of confidential data. More important, however, is encrypting the information so it is secure in case of loss or theft of the device. Encryption can also help with "eavesdroppers" who can steal information as it is transmitted wirelessly.
There are many budget-friendly encryption software options on the market. The most secure solution is full-disk encryption, which protects everything on the device's hard drive (file-based encryption protects only the files a user chooses to store in encrypted files). When using software, be sure to back up the software keys used to encrypt the data.
It may sound obvious, but backing up data is an important, but often overlooked, security measure. For example, last month, three of Kelton's clients downloaded a virus that blocked their antivirus software and prevented access to their hard drives and Internet. In addition to investing in software to protect against malware, it's important to have remote backups of all data in the event information is ever lost.
Another way to protect data is to use server-based computing, also known as thin-client computing. This enables any computer to access applications or programs from any Web browser over the Internet without having to install the application on every desktop system. Thus, all data is stored on central servers and employees' devices simply serve as screens to view the data.
"When our employees work remotely, it is as if they are on a terminal in the office," says Norton, whose company uses thin-client computing. "Their work is being saved directly on our system in the office, which minimizes security problems and provides a back-up of their work."
It may also be a good idea to invest in a supplementary insurance plan specifically designed to protect against electronic risks (most traditional insurance policies don't cover cyber problems). Additionally, there are software programs, that can help locate and recover stolen computers.
At least once a year a distributor should evaluate its security systems to verify that the controls are working and are sufficient. An independent third party can provide an objective evaluation and suggest improvements based on the latest technologies.
With so many security options available — and new ones being introduced all the time — it can be overwhelming to decide which is worth the investment of time and money. Despite the difficulties, the modern business landscape dictates that distributors do something to protect their company's data as well as their customers' interests.
"The best we can do is try to implement as many security features as possible without hindering our daily operations," Newhouse says. "It is important to make sure the disadvantages of using IT do not overcome the advantages by putting in place as much security as possible so that [our information] is not at risk of being open to whoever wants to ruin all we have built."
Becky Mollenkamp is a freelance writer based in Des Moines, Iowa. She is a frequent contributor to Sanitary Maintenance.