The Best Data Security

There’s no question that data security is critically important. Even a small security breach can bring your entire business to a screeching halt, land your company on do not serve lists, and paralyze your staff. In addition, the costs – financial and to your reputation – can be deep, crippling your organization’s stability and standing in the marketplace.

Birchwood systems and processes comply with the most stringent security standards - the SSAE16 (Statement on Standards for Attestation Engagements No. 16), put forth by the Auditing Standards Board (ASB) of the American Institute of Certified Public Accountants (AICPA).

Maintaining data security is our highest technical priority.

To learn more about your responsibilities as a Birchwood end user please review our Access Security Requirements.

Key Regulations

Businesses that handle confidential consumer credit information must be compliant with a number of federally regulated laws including:

The Fair Credit Reporting Act (FCRA): This act regulates the procedures around collecting and disseminating consumer information related to education, employment, credit, criminal activities, etc.

The Fair and Accurate Credit Transaction Act (FACTA): This amendment to the FCRA requires consumer reporting agencies to provide consumers with one copy of their file per a twelve-month period. FACTA also comes into play in cases of identity theft (an affected consumer can place a fraud alert on their file for national consumer reporting agencies) and in the secure disposal of any reports or other sensitive information (both physical and digital).

The Gramm-Leach-Bliley Act (GLBA): (The “Safeguards Rule”) This law pertains to the consumer privacy and the protection of non-public personal information. It requires institutions to provide a written information security plan that assesses and addresses any potential confidentiality risks. It also requires a financial institution to provide privacy notices to its customers. This act also addresses procedures in case of security breach.

Security Tips: Technical and Procedural

 Computer criminals are a resourceful lot with a seemingly endless amount of patience when it comes to wreaking havoc on your system. Malware that exploits existing security vulnerabilities in your software can launch an attack in a variety of ways – via behind-the-scenes auto installs, fraudulent “phishing” links, and so forth. However, there are a number of precautions that you can take to thwart their efforts:

Technical Precautions

• Software Updates: One of the simplest ways to guard against malware attacks is to make sure that your operating system and software programs are up to date. Developers and manufacturers are constantly releasing “patches” to address various malware and other security threats. Make sure these updates are routinely installed.
• Security Updates: Electronic security is not a set-it-and-forget-it undertaking. Computer criminals never stop looking for new ways to infiltrate your data. Pay special attention to maintaining the most current versions of your anti-malware/spyware/virus software.
• Security Audits: Have your IT resources run regular security audits to test the system for any vulnerabilities. There are also online tools and software programs that can assist in this process.

Procedural Precautions

Not all security risks are technical. Sometimes, to err is human. Paying attention to the human element as it relates to data access and sharing can help you improve security as much as technical precautions.

• Employee Evaluations: Make sure the people who will be handling sensitive data can be relied upon to demonstrate discretion and follow security protocols. Invest time in doing the appropriate background checks and following up with references.
• Employee Training: Once someone has joined your team, provide a thorough and detailed training on how to access, handle, and dispose of sensitive information. Even small things like proper password protocols and reminding staff to never open attachments that are either unexpected or from unknown sources can make an important difference. In addition, training that offers certification (like the complimentary FCRA course [JW6] we offer via the NCRA) helps to keep your team up-to-date on the latest key information and best practices.
• Data Access Tiers: Customer data should only be made available on a need-to-know basis. Make sure that your process and system are designed around a tiered protocol that grants user access based on different permission levels.
• Breach Protocol: Have a detailed plan in place in case of a security breach. Include information on who gets notified and when. Consider all types of preparedness from IT to personnel.
• Partner Risk Assessment: Remember that the chain is only as secure as the weakest link. Before engaging with a new partner, make sure that their security precautions are up to your standards.

If you have any questions about Birchwood’s data security precautions and protocols,
please feel free to call us at 800-910-0015.