What To Look For When Outsourcing Your Billing

Outsourcing your billing to a third party to handle your transactional mail? Follow these three steps to make sure your clients’ data is safe and secure in someone else’s hands.

Security breaches make us all uneasy

Are you concerned about the security of your clients’ data? You aren’t alone. Highly publicized security breaches like those suffered by Target, Adobe and Facebook make all of us uneasy about the vulnerability of confidential information that our our clients and customers share with us.

As a business owner, you have a responsibility to protect your customers’ personal information, not only when that information is in your hands, but when you share that information with a third-party company, such as those you contract to handle your monthly billings or invoices. That’s why when you must carefully evaluate a third-party contractor before outsourcing your billing.

It’s not nearly as daunting as it sounds. Taking these three steps will significantly lower the chances of a data breach when outsourcing your billing:

Step 1: Create a team of security advisers

Ensuring that your transactional contractor is up to speed in terms of data security is not a job for one person. Create a team that will evaluate potential vendors for transactional billings. Make sure your IT manager and chief financial officer are on the team.

Step 2: Take a tour

Are you based in or near the same city as your contractor? If so, have as many members of your team as possible tour the contractor’s facility. Before your visit, talk to your team about what to watch for, including:

• Building access. Companies that are truly concerned about the security of their clients’ records will limit access to their buildings and use cameras and video surveillance systems. Doors will be accessible only by key card or code and visitors will have to identify themselves and have business with the company to be given access. Visitors will be accompanied by a staff member at all times.
• A second layer of security. Companies that are on their toes will have a secured area for their data that can be accessed only by employees who work in that area. Typically these areas have no external walls and are in the heart of a building, for added security.
• Professionalism and knowledge of staff. Meeting the vendors’ staff face to face gives a better feel for their professionalism.
• Screening and hiring. Are employees, especially those who handle data, vetted before they are hired? Background checks for criminal history, credit problems, etc. are critical. Personal and professional references should be checked.

Step 3: Ask four critical questions about data security.

Whether your team meets your contractor in person, by teleconference or by phone conference, ask these questions:

1. Do you have a written Data Security Plan? Can you share it with me? A data security plan stipulates measures taken to protect data; it also spells out steps to be taken if data security is breached.

If the answer to this question is “No, but we have a data security plan and everyone knows it,” head for the doors. A company that has not taken time to write its data security plan is not serious about protecting your company’s information. If the answer is “yes,” review the plan. A company’s data security plan should not be a static document. It must be revised frequently as technology and security change. Ask your how often your contractor reviews its data security plan. This might also be a good time to ask if the company has had any data security breaches in the past.

2. How do you educate your employees about the importance of data security? How are employees schooled about the importance of following procedures to protect data? Are workers allowed to download mobile applications on their work computers and devices?

Mobile technology opens the door to many breaches. Do employees use passwords effectively and do they understand the threats posed by unsolicited email and downloading business data on their personal computing devices?

3. Do you have a data storage policy? A data storage policy governs how data is managed and controlled.

It determines how data is collected and stored, what is kept for future use or for reference, when and how records are disposed of and how records are organized so they can be accessed. Is there documentation of which data must be kept and what data can be deleted and stored for a certain amount of time? More data stored over a period of time increases security risk. When you discuss data storage, you must stipulate the requirements that your company will have for its data.

4. Does your company use encryption? Encrypting data protects your information from criminals, competitors, hackers and accidents.

When your data is encrypted, the information is scrambled and turned into a code that can only be deciphered when it is “unlocked” with a special “key.” The key is only given to those who should have access to the information. Encryption is an easy, effective way to protect data. If a third-party vendor isn’t up to speed in this area, don’t hire them for outsourcing your billing.

Protection takes planning

Your customers are the future of your business. Protect them and their confidential information by being proactive about safeguarding their data when outsourcing your billing. Remember Winston Churchill’s warning:

“Those who fail to plan, plan to fail.”