HOW DO WE SECURE YOUR DEBT COLLECTION DATA?

Recent events have reminded us that companies’ software and data processing systems need to be maintained and monitored for security.  Debt collection has to do with people’s wallets, which requires discretion.

• The law, including GDPR, imposes security measures to avoid leakage of personal data. But GDPR only requires “appropriate measures” leaving room for interpretation. That is until a problem arises, and a judge vets the systems to decide whether existing measures were “appropriate”.
• Additionally, a company that holds information of any kind, be it personal data as defined by GDPR or sensitive data such as a list of receivables with their details, has every reason to ensure that such data is not accessible to unauthorized parties. Reputation is at stake.

How does TCM ensure that its systems are safe?

Cloud based

TCM Belgium’s information technology is cloud based since 2014.  This was a significant step forward in terms of availability and security. Prior to 2014, we experienced some problems (not linked to privacy though) due to the malfunction of our own servers.  Since 2014, we have had continued access (no downtime except when internet or electricity is down, being a couple of hours a year).  We have had no security alert. Indeed, configuring cloud computing is a matter for specialists but such systems are more sophisticated than what a smallish company can offer with its own servers. Hence the resulting tool is much safer in many aspects.

Back Up

In the past, we needed to take removable back ups home every night. This was inconvenient and never fully efficient as reconstruction based on a back up was an adventure.  Now we have professional back up’s designed by a Cloud provider.

Debt collection data

Since 2014, your claims, our actions, the debtor’s debts and payments, are all stored on Amazon Web Services (AWS).

The systems we use to access that data is maintained and continuously developed by a specialist : EASI.

This configuration means that our clients have access to their claims and statistics through their internet browser.  It also means that they can exchange messages with us, with full GDPR compliant privacy, through this web-based platform.

The system is regularly tested for uninvited penetration. No significant threat has been detected and even minor issues are fixed. The system is protected by specific security software layers (F5 – Web Application Firewall).

E-mail traffic

For 10 years, our e-mail traffic has flowed through the Office365 platform from Microsoft. We sometimes have minor issues, but we experience the exceptionally fast, efficient and friendly support from Microsoft.  Needless to say: it is quite securely built. We have not had any issue with loss of data or security breaches.

On top of this service, we have added a specific and dedicated layer of software (EASI AntiSpam-as-a-Service) to filter spams addressed to us.  The purpose is to avoid the risk of clicking on malicious links.

Personal PC and malicious threats

Everyone at TCM has his own laptop (Surface Pro).  They are not organised on a network whatsoever.  They can connect from home or from anywhere in the world (and can use their office phone from any place). This entails great flexibility but also threats. We therefore installed the powerful SentinelOne security system.  This is not only a virus threat protection, but a full pc security tool based on artificial intelligence. It analyses the pc’s activity and detects unexpected action. And in case it fails to block a virus, it can roll back the pc’s systems to the last safe situation.

Passwords

The most common method for fraudulent access to data is by using a regular user password.  For this reason, we installed Dashlane for every TCM colleague.  Dashlane is a password vault and a password generator.  It includes useful tools (like automated login and password sharing).  But the main benefit is for us all to have complex and different passwords for each application and to change them regularly.

Conclusion

We all know that there is no system that is 100% safe. This was true in the 19th century paper and metal vaults world. It remains true in the 21st century of data encryption.

At TCM we think that we have adequate measures in place to keep our client’s and debtors’ data safe. As it is an ongoing problem, we will keep maintaining our systems and will install new ones when necessary.

Read more on our IT tools.

Questions?  Please contact us.

February 2020

HOW DO WE SECURE YOUR DEBT COLLECTION DATA?

Recent events have reminded us that companies’ software and data processing systems need to be maintained and monitored for security.  Debt collection has to do with people’s wallets, which requires discretion.

• The law, including GDPR, imposes security measures to avoid leakage of personal data. But GDPR only requires “appropriate measures” leaving room for interpretation. That is until a problem arises, and a judge vets the systems to decide whether existing measures were “appropriate”.
• Additionally, a company that holds information of any kind, be it personal data as defined by GDPR or sensitive data such as a list of receivables with their details, has every reason to ensure that such data is not accessible to unauthorized parties. Reputation is at stake.

How does TCM ensure that its systems are safe?

Cloud based

TCM Belgium’s information technology is cloud based since 2014.  This was a significant step forward in terms of availability and security. Prior to 2014, we experienced some problems (not linked to privacy though) due to the malfunction of our own servers.  Since 2014, we have had continued access (no downtime except when internet or electricity is down, being a couple of hours a year).  We have had no security alert. Indeed, configuring cloud computing is a matter for specialists but such systems are more sophisticated than what a smallish company can offer with its own servers. Hence the resulting tool is much safer in many aspects.

Back Up

In the past, we needed to take removable back ups home every night. This was inconvenient and never fully efficient as reconstruction based on a back up was an adventure.  Now we have professional back up’s designed by a Cloud provider.

Debt collection data

Since 2014, your claims, our actions, the debtor’s debts and payments, are all stored on Amazon Web Services (AWS).

The systems we use to access that data is maintained and continuously developed by a specialist : EASI.

This configuration means that our clients have access to their claims and statistics through their internet browser.  It also means that they can exchange messages with us, with full GDPR compliant privacy, through this web-based platform.

The system is regularly tested for uninvited penetration. No significant threat has been detected and even minor issues are fixed. The system is protected by specific security software layers (F5 – Web Application Firewall).

E-mail traffic

For 10 years, our e-mail traffic has flowed through the Office365 platform from Microsoft. We sometimes have minor issues, but we experience the exceptionally fast, efficient and friendly support from Microsoft.  Needless to say: it is quite securely built. We have not had any issue with loss of data or security breaches.

On top of this service, we have added a specific and dedicated layer of software (EASI AntiSpam-as-a-Service) to filter spams addressed to us.  The purpose is to avoid the risk of clicking on malicious links.

Personal PC and malicious threats

Everyone at TCM has his own laptop (Surface Pro).  They are not organised on a network whatsoever.  They can connect from home or from anywhere in the world (and can use their office phone from any place). This entails great flexibility but also threats. We therefore installed the powerful SentinelOne security system.  This is not only a virus threat protection, but a full pc security tool based on artificial intelligence. It analyses the pc’s activity and detects unexpected action. And in case it fails to block a virus, it can roll back the pc’s systems to the last safe situation.

Passwords

The most common method for fraudulent access to data is by using a regular user password.  For this reason, we installed Dashlane for every TCM colleague.  Dashlane is a password vault and a password generator.  It includes useful tools (like automated login and password sharing).  But the main benefit is for us all to have complex and different passwords for each application and to change them regularly.

Conclusion

We all know that there is no system that is 100% safe. This was true in the 19th century paper and metal vaults world. It remains true in the 21st century of data encryption.

At TCM we think that we have adequate measures in place to keep our client’s and debtors’ data safe. As it is an ongoing problem, we will keep maintaining our systems and will install new ones when necessary.

Read more on our IT tools.

Questions?  Please contact us.

February 2020