Ethicall’s Business Process Director David Williams tells us more.
The issue of client data in the hands of a field agency has always posed a number of worrying concerns around where that data is stored and what happens to it once in transit to and from an agencies portal or paper based process and the clients own system. Whilst it is relatively straight forward for these processes to be tightly controlled at field agency head office to client level, the same isn’t true when sensitive data is sent out into the field and placed in the hands of a field agent.
Most field agencies utilise self-employed field agents so it is difficult to impose strict controls and policies regarding client data on them due to the nature of their employment status with that agency. This is arguably when the client data is most at risk and therefore open to misuse, being mislaid or being at risk to the outside world because strict controls are not properly enforced.
David Williams shows off Ethicall’s brand new Field Enabled Technology (FEN’s) hardware
Breaking the mould again
Ethicall has already demonstrated to a number of clients over the last couple of years that the conduct of our representatives on the doorstep is taken very seriously by us, which is why we employ all of our field staff. Having credit industry experienced people with the right gravitas representing us and our clients on the doorstep gives us a high degree of management control over our clients exacting requirements when it comes to interviewing their customers, however we have taken this process on further by implementing the same standards and controls when it comes to handling client sensitive data in the field.
Field Enabled Technology (FEN’s)
FEN’s is a combination of hardware and software technologies that we have developed and engineered around every aspect of our business processes with one main key objective in mind which is to keep data secure whether it is at rest or in transit and throughout the full case lifecycle.
Our strategy to meet these objectives falls in to two key stages:
1. Data at client to Ethicall head office level
In order to fully protect data at this level all cases that require an Ethicall field visit are (unless a client specifies an alternative method of securely sending their customer data) uploaded via Ethicall’s proprietary web portal called EWS (Ethicall Workflow System). These cases are uploaded via a 256-bit AES SSL link which securely encrypts the data during transmission to Ethicall’s dedicated hosted server which in itself sits behind a Cisco Firewall that incorporates sophisticated Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS) processes.
Once securely uploaded, client data resides on the Ethicall database server which in itself is protected by an additional layer of security by way of a database firewall to protect the data at rest. If for any reason the hardware firewall is compromised then this extra layer will secure the data and protect it from potential SQL Injections as well as various other database attacks.
Some of the world class brands that make up Ethicall’s Field Enabled Technology
2. Data in the field and End-Point Security (EPS)
Ethicall takes the issue of end point security very seriously due to the field based nature of its business and the type of client data it handles. To this end all Ethicall field operatives are solely employed by the company which enables effective management and control of its field based policies for conducting customer visits and handling client data. Ethicall believes that it is only the employed nature of their field personnel that enables them to issue, manage and control client data in the field using secure technology. This technology utilises the latest Hewlett Packard laptop hardware that is centrally managed by the Ethicall IT Administrator. Features such as disk encryption, pre-boot authentication and device access management are just a small part of Ethicall’s policy around field hardware asset management. In terms of software Ethicall utilises the latest Malware protection using the powerful Microsoft Forefront Online Protection for Exchange (FOPE) engine that is centrally managed by the Ethicall IT Administrator. In fact Ethicall goes an extra step further by employing Microsoft Windows InTune, a comprehensive web-based solution that enables the complete inventory management of all hardware, software deployment, licensing, upgrading and patching including its Malware protection suite.
Never become complacent
Even though FEN’s demonstrates that we at Ethicall are very proud that we can offer our clients a high level of reassurance when they entrust their data with us, we are always mindful of the fact that we need to not only stay one step ahead of the technological trends that are relevant to our business but we also need to ensure that we constantly maintain and rigorously test our current systems to ensure their integrity. We do this by conducting regular in-house vulnerability tests as well as an annual penetration test conducted by an industry leading independent vendor.
It is the satisfactory outcome of these tests that enables us to be confident in answering that all important question from a client or potential client when they ask us… “ Is our data safe in your hands? ”