Cyber-security: The elephant in the room for debt collection processes
Cyber-attacks and security breaches are on the rise. In the previous year alone, we witnessed a marked upturn in the volume and creativity of hacks, and some of the largest companies and multi-national organizations have hit the headlines as victims of cyber-crime.
Data breaches, a prevalent form of cybersecurity threat, and their devastating effects draw a lot of attention nowadays. These egregious and disturbing cyber-attacks are not limited to large enterprises or to companies operating in a specific industry, nor are they solely linked to the number of records compromised. Take for example the data breach of one of the Internet giants, Yahoo, back in 2013, where more than 3 billion user accounts were compromised, or Olympic Destroyer, a malware that targeted the 2018 Winter Olympic Games in Pyeongchang, South Korea by stealing several employees’ credentials. In all cases, data breaches have a huge business (and operational) impact that comes with a plethora of negative consequences, such as irreversible reputational damage, loss of customers’ trust, severe financial losses and hefty fines imposed by governmental authorities for failing to comply with data protection legislation, and in particular with the General Data Protection Regulation (GDPR).
GDPR was enacted to give citizens and residents more control over their personal data by putting strict data handling rules in place governing “controllers” that collect data from EU residents and “processors” that process the data on behalf of controllers. Under the GDPR, data controllers must report a data breach to the supervisory authority within 72 hours of becoming aware of the breach.
It's no secret that debt collection agencies hold a veritable treasure trove of valuable data that makes them an attractive target for cyber-criminals: credit card information, social security numbers and consumers’ personally identifiable information, just to name a few. In addition, most debt collection agents work online these days, making it easier for cyber-criminals to track their habits and whereabouts from their digital footprint, even if the agency does its best to secure their information from any impending attack. Debt collection agencies should always be vigilant about protecting the sensitive information in their possession and never become complacent. A breach of a company's system doesn't mean that the company did not have a security mechanism in place. At the same time, the fact that there have not been any breaches doesn't mean that a company is secure forever. The question that naturally arises is: How can any debt collection agency protect its customers and their valuable data?
Below are 4 tactics every debt collection agency should bear in mind in order to protect its customers’ data.
1) First and foremost, every agency should identify the nature of the data stored or processed by the agents and their associated risk. Social security numbers do not have the same importance in all countries. For example, in the USA, large amounts of personal information, including tax information, credit information, and medical records, are keyed to the Social Security Number thus playing an unparalleled role in identification, authentication, and tracking of citizens.
Instead of assuming that the collection agency is safe because data breaches haven't been frequent, administrators need to evaluate their deployed systems and protection strategies in an honest, thoughtful manner. If they find vulnerabilities, hackers undoubtedly will too. Best practices should be considered in order to avoid such situations.
2) Another useful tactic is to have security breach detection mechanisms in place that send alerts when protected data gets stolen. In this case, the theft of data may not be prevented, but a situation where cybercriminals have access to a company’s database for days, even weeks, may be avoided.
3) If there are no in-house resources to protect the debt collection agency, a security expert should be engaged to assist in implementing best practices in cyber-security and to propose sophisticated solutions to prevent a data breach and, in the worst case, to respond to one with appropriate actions. Such solutions are often based on (Big) Data Analytics, which are used to find emerging trends in a timely and accurate manner and thus eliminate them faster and more easily. Several techniques based on anomaly detection can be used to constantly monitor network activity and the real-time data streams coming from the communication between debt collection agents and their clients or the people they communicate with. As a result, cyber threats are identified as they occur and are thus easier to isolate and neutralize without harming the agency.
Analytics provide usable intelligence through insights and give context to emerging cyber threats, eliminating any unnecessary enterprise disruption. They can also be used in cases where data are stored in the cloud and offer effective protection against data breaches. More specifically, the so-called area of Security Analytics, together with Machine Learning and Automation, plays a crucial role for many debt collection companies that try to understand the validity, scope, extent and nature of a data breach in order to deal with it effectively. Machine Learning-based solutions have somewhat remedied the situation by enabling organizations to cut down the time it takes to detect attacks. But in this case, the data breach has already happened.
4) Finally, the best way for a debt collection agency or organization to predict a potential cyber-attack and be prepared for it is to utilize predictive analytics. Predictive analytics is a field that is gaining momentum in virtually every industry by looking into the future and giving organizations foresight they previously lacked. This rising trend is now finding its way into the domain of cybersecurity, helping to determine the probability of cyber-attacks against organizations and agencies and to set up defences before cybercriminals reach their perimeters. Already, several cybersecurity experts and analysts are embracing this technology as the core of their security offering.