The outsourcing regime rests on data protection and client confidentiality and to that extent, it is sensitive to any breach that might prove fatal to the entire business. Some of the recent happenings of data theft have pointed to the vulnerability of these areas. Data Protection and Client Confidentiality are crucial to any outsourcing business and more so in case of legal outsourcing. The success of any client-attorney relationship depend on the attorney's ability to assure the confidentiality of the client's data with high stakes and any breach thereof can be a matter of ethical and professional liabilitiess that an Attorney carries along with the brief. These are serious concern for LPO as well.
The first step towards achieving cyber security is to sensitize employees to the layers of responsibility. "Developing a culture of privacy and data protection," says Salman Waris, operations manager, Legal Circle, "is more important. People should be educated about what they are handling...and what the repercussions could be." In recent past, a case of theft and breach of sensitive data was reported by Titus & Co., a law firm of Delhi. The Delhi High Court even passed an injunction in this case against four lawyers that includes a Nigerian national from using the data and confidential information stolen from their previous employer, Titus & Co. This was probably the first case of cyber crime and data theft and it showed the liability of legal profession in India. Since then there has been concern within the industry propelling higher security checks and systems. In another such incident of cyber crime a software company in Gurgaon filed a case against one of its employees, for transferring sensitive data of the company to his personal mail ID and later using it to the benefit of a rival company.
Cases like these, directly bring the security of the companies under scanner. Physical security is not enough for the outsourcing companies. In addition to physical security, they also need other special infrastructure towards maintaining cyber security, like: web security, LAN/WAN security, security against malicious programs, like virus, secure login and logout of the resource along with tracking. Listed below are the best security practices for LPO and also the best security practice for any outsourcing business:
LPO Best Practice:
- Make quality customer service the highest priority.
- Do not sell outsourcing services as loss-leaders with the expectation of making it up later.
- Responsibility for all our actions when performing the services.
- Resist the urge to over discount.
- Listen to the customers for ways by which the service can be improved..
- Manage the outsourcing deals to optimize customer service, not short-term revenue.
- Take real measures to reduce turnover and keep the workforce happy and interested in the work.
Security Best Practices:
- Secure and dedicated infrastructure that meets ISO 27001 standards.
- 24/7 on-campus security staff
- Bio-Metric access controller to enter into the office premises
- Firewalls
- Point-to-point network connectivity using routers that are configured with DES encryption at both ends
- Anti-virus software
- User–ids and passwords to log into the Client systems.
- Disabled floppy, CD drives and USB mass storage devices.
- Security policies are defined (desktop, password, e-mail, and domain).
- Regular reviews of firewall logs
- Periodic network and host vulnerability tests
- Regular internal audits
- Client audit teams are allowed to conduct security audits on the dedicated network provided for their services.
- Information security management and control audits as per ISO 27001:2005 standards.
Before starting its operations, an outsourcing company have to have proper infrastructure for complete protection against data theft. In 2005, the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) formulated certain standard of practice for Information Security Management. ISO/IEC 27001:2005, commonly known as ISO 27001, lists the requirements for the data protection of an outsourcing company.
Georgia Tech Information Security Center (GTISC), a leader in nation's information security research and education released their report on areas of cyber threat that shows data as the primary motive for cyber crime. It also identifies five areas that are cyber-sensitive. They are: Malicious Software, especially those under the guise of networking sites, cyber warfare - targeting U.S economy and infrastructure, software robots- specifically the attack that spread through wireless and peer-to-peer economy, mobile convergence- threat of voice fraud, threats to VOIP and the evolving economy for cyber crime.
Data Protection Law has always been a matter of controversy. General awareness, integrity and a sound security are the only solutions for the biggest threat to the industry, which employs almost half of the total working population of the county.
Posts
No comments:
Post a Comment