3 Important Reminders—Data security & Email

Date: 04/12/2019

Author: Mike Hail

Data security is a phrase that seems to be on everyone’s lips these days, with a news report about the latest breach of customers’ personal information popping up almost every week. Data security must be an absolute priority in the marketing research industry, where companies handle the personally identifiable information of thousands, if not millions, of consumers.

SOC2 Type II certification is awarded to companies that have proven their systems are designed to keep sensitive data secure. Controls are assessed in one or more of the following areas: data security, availability, processing integrity, confidentiality, and privacy.

Each of these areas requires the company in question to follow rigorous processes and system structuring when handling customer data. To qualify for SOC2 Type II certification, a company must submit to an initial evaluation followed by an annual audit by a third-party firm, covering all of that company’s internal control policies and practices over the previous review period.

Living and working as we do in the “digital age”, it’s easy to get comfortable transmitting data back and forth, especially since the means to do so have expanded, allowing for quick transfer of even very large files. It’s as quick as the click of a button to send a file of your customers to your research provider in an email so that data collection can begin.

But it’s critical that you don’t: an email can be intercepted and its contents extracted by a sophisticated hacker, and at that point you are responsible for having exposed your customers’ information to an unknown party.

SOC2 best practices for data security when sending emails include:

  • Never send emails containing personally identifiable information (PII) or other information that you need kept confidential. Use a secure file transfer protocol such as SFTP instead.
  • Secure email communications and never send passwords in emails, unless the email is encrypted and the recipient has been authenticated.
  • Incoming email should be treated with care because of its inherent information security risks. Never open an email attachment unless you both a) know the sender and b) are expecting that attachment. Hackers can easily “spoof” an email so that it appears to come from one of your contacts and trick you into sharing sensitive information.
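The first two practices above (no PII and no plaintext passwords in email) are easiest to enforce when an outbound check holds a message before it leaves. The following is an added example, not code from the original post or its author: a minimal outbound scan of the kind a mail gateway or DLP rule performs. The regular expressions, the Luhn filter, and the two sample messages are constructed here for illustration and are not a complete PII catalogue; a production deployment would use a vetted DLP engine and also extract text from binary attachments such as spreadsheets and PDFs.

```python
"""Outbound-email PII and credential check (added example; constructed patterns and data)."""
import re
from dataclasses import dataclass
from email import message_from_string, policy
from email.message import EmailMessage

# Constructed detection patterns (illustrative, not exhaustive).
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")  # 13-19 digits, optional separators
PASSWORD_RE = re.compile(r"\b(?:password|passwd|pwd)\s*(?:is|:|=)\s*\S+", re.IGNORECASE)


def luhn_valid(digits: str) -> bool:
    """Luhn checksum: drops random digit runs (order numbers, IDs) from card matches."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


@dataclass(frozen=True)
class Finding:
    kind: str       # "ssn", "card" or "password"
    location: str   # "body" or the attachment filename
    count: int


def scan_text(text: str, location: str) -> list[Finding]:
    """Run every pattern over one text part and summarise hits per kind."""
    findings = []
    ssns = SSN_RE.findall(text)
    if ssns:
        findings.append(Finding("ssn", location, len(ssns)))
    cards = [m for m in CARD_RE.findall(text) if luhn_valid(re.sub(r"[ -]", "", m))]
    if cards:
        findings.append(Finding("card", location, len(cards)))
    passwords = PASSWORD_RE.findall(text)
    if passwords:
        findings.append(Finding("password", location, len(passwords)))
    return findings


def scan_message(raw: str) -> list[Finding]:
    """Walk the body and every text attachment (e.g. a CSV customer list)."""
    msg = message_from_string(raw, policy=policy.default)
    findings = []
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue  # multipart containers and binary attachments are skipped here
        location = part.get_filename() or "body"
        findings.extend(scan_text(part.get_content(), location))
    return findings


def should_block(raw: str) -> bool:
    """Policy decision: any finding means the message must not leave by email."""
    return bool(scan_message(raw))


def build_sample_message() -> str:
    """Constructed message that breaks both practices: PII in a CSV, password in the body."""
    msg = EmailMessage()
    msg["From"] = "analyst@example.com"
    msg["To"] = "vendor@example.net"
    msg["Subject"] = "Customer file for the survey"
    msg.set_content("Attached is the customer list for the survey launch. The password is hunter2.")
    csv_text = (
        "name,ssn,card\n"
        "Jane Doe,123-45-6789,4111 1111 1111 1111\n"   # constructed test values
        "John Roe,456-78-9012,5500 0000 0000 0004\n"
    )
    msg.add_attachment(csv_text, subtype="csv", filename="customers.csv")
    return msg.as_string()


def build_clean_message() -> str:
    """Constructed message that follows the practices: file via SFTP, credential out of band."""
    msg = EmailMessage()
    msg["From"] = "analyst@example.com"
    msg["To"] = "vendor@example.net"
    msg["Subject"] = "Customer file ready"
    msg.set_content("The customer file is on the SFTP server; the credential was shared by phone.")
    return msg.as_string()


if __name__ == "__main__":
    for f in scan_message(build_sample_message()):
        print(f"{f.kind:8s} x{f.count} in {f.location}")
    print("block sample:", should_block(build_sample_message()))
    print("block clean: ", should_block(build_clean_message()))
```

The check runs on text parts only, so the CSV attachment is scanned the same way as the body; that is the case the post warns about, a customer file dropped into an email. The Luhn step matters in practice: without it, any long digit run in a message (invoice or ticket numbers) would be flagged as a card and the rule would be tuned off.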

Read more about SOC2 Type II certification and why it’s considered a best practice for data security.
