Niyamath Parveez

All about Outsourcing

Securing IT outsourcing: Ensuring data security

Outsourcing is necessary to reduce operational costs and increase profits of an organization. There can be no doubt about it. But exposing too much sensitive data to offshore service providers can backfire on a company. There have been incidents in the past when a company’s sensitive data has been compromised, and its offshore service providers have been suspected of the breach. The fault does not lie with the providers alone, either. Companies have often been less than cautious about their confidential data. When a company leaves its sensitive data exposed, even hackers can gain access to it.

In order to prevent incidents of data leakage, companies need to follow some good policies to ensure security of sensitive data. Here are some of those:

  1. Classifying the data – This is one of the most important steps to be taken to secure data. The company needs to determine which types of data are sensitive and which types won’t make much difference even if compromised. For banks, for instance, data about the changing rates of taxation based on the clients’ monthly income won’t make much difference even if it is seen by outsiders. But critical information about clients, such as their contact details, bank account numbers and passwords, must never be compromised if the bank is to stay in business. Literally.
  2. Categorizing the organization – This is another important step. Is the company a bank or a financial institution? Is it a healthcare company or a public company? Does the company deal with loads of personal data of clients? These are the questions that the personnel of a company must answer before opting for an offshore service provider. If they deal with a lot of sensitive data about clients, such as their contact information, their bank account details and their monthly salary figures, then the company needs to be extra cautious to ensure that the clients’ data is not compromised by the service provider.
  3. Choosing the right vendor – This is a pretty tough thing to do, but important nonetheless. It is better to choose offshore service providers that also have branches in the US, which lends the provider extra credibility. There are some questions worth asking a prospective provider before the deal is finalized. The provider should be asked whether they would agree to submit to an external security audit of their company. This will ensure that the provider takes the issue of security of client data seriously. Also, it is good to ask them whether they can provide a list of names of past clients. If the provider tries to weasel out of answering these two questions satisfactorily, it is a sure sign that they are hiding something. The deal should not be made with them in the first place.

Finally, before completing the deal, care should be taken to determine which activities are going to be outsourced. Sensitive activities like penetration testing of the company’s network and automation scripting are best done by service providers with an excellent reputation in the field, to ensure that the safety of the company’s network and sensitive data will not be compromised. Offshore service providers should be chosen carefully. The safety and reputation of the company both depend on making the right decision here.

Written by Niyamath Parveez

March 9th, 2009 at 10:00 pm