Speed of Change 3 – A Whole New Pandora’s Box
Submitted by Harry Stephens, President/CEO of DATAMATX
April 26, 2018
It’s been over a decade since I wrote a column titled “The Speed of Change.” In it, I discussed how technology was completely changing our relationship with time, which in turn, was changing our business processes dramatically. In 2007, the technologies we were figuring out how to integrate were the Internet, PDAs and the new iPhone. Fast forward four years to 2011, when I wrote a column called The Speed of Change 2. In 2011, it was a whole new set of tools, like mobile applications and media tablets, social networking and cloud services, that were demanding our attention. Within a short time, these tools, and more, were all part of our daily lives, setting a completely new standard.
Of course, since 2011, the speed of change hasn’t stopped. In fact, it’s accelerated. And while things have become easier in many ways because of these advances, things have also become scarier. In fact, what I am calling The Speed of Change 3 has opened a whole new Pandora’s box. While technological advances have provided our businesses with the potential to create more efficient systems, they have also opened new avenues for data protection threats.
We all read about these data breaches daily. Recently, I just read that the average data security breach takes less time to pull off than it does to prepare a cup of coffee, with 93 percent occurring in less than one minute. Conversely, it can take a business a very long time to recover from one. In the business we are in, where sensitive data is part of our daily work, a data breach would spell disaster. Therefore, every company, no matter what size, needs to have a security program in place. While there is no one security product or control that can prevent data breaches, it is critical that in our type of business we do what it takes to maintain the highest level of security possible with processes and procedures that eliminate vulnerabilities in a timely manner.
At DATAMATX, we have always dedicated extensive resources and implemented additional processes to ensure our clients continue to have the highest level of confidence in the managing and processing of their data. This has included successfully meeting rigorous compliance requirements year after year with third-party audits to continue to achieve FISMA, PCI DSS 3.2 and SOC 2 + HITRUST CSF certifications as well as investing heavily in cyber liability insurance.
It also includes making continued extensive upgrades to our comprehensive information security policies and procedures, establishing a continuous monitoring program and developing a risk based approach to protect the data and physical security of our three facilities. Additionally, for many years now, we have had a disaster recovery plan in place, with three comprehensive, fully redundant facilities and now have a more defined business continuity plan to ensure we meet the ever increasing client SLAs and audit requirements. To be sure, all of this took an investment on our part in time, effort and money. But what is the potential cost of a data breach in terms of time, effort and money—and a company’s reputation? I shudder to think. In a recent meeting at our facility, a cyber insurance expert we invited to speak presented a data breach case study of 50,000 PII records being exposed with a final cost of $29 million dollars with crisis management, customer notification, lawsuits and regulatory fines being paid.
Technology is constantly changing and with those changes come security and privacy threats every organization faces. At DATAMATX, we focus a great deal of our attention on ensuring data security compliance standards. And, yes, it requires an investment from a business standpoint that affects the bottom line.
However, if you want to play the game today in the service provider industry—and not be viewed as simply the low-cost provider—you must think about whether your company is doing enough to protect your clients’ data. Because it is their expectations that security is an integral part of your business model that has set the bar. So, let me leave you with this thought: If you want to be successful in the transactional and direct mail business, then it is important to understand that security and compliance are now in the driver’s seat—and the real bottom line.
Until next time – Harry
Harry Stephens is President/CEO, and founder of DATAMATX, one of the nation’s largest privately held, full-service providers of printed and electronic billing solutions. As an advocate for business mailers across the country, Stephens is actively involved in several postal trade associations. He serves on the Executive Board of the Greater Atlanta Postal Customer Council, Board Member of the National Postal Policy Council (NPPC), Member of Major Mailers Association(MMA), and member of the Coalition for a 21st Century Postal Service. He is also immediate past president of the Imaging Network Group (INg), an association for Print/Mail Service Bureaus. As an expert on high-volume print and mail, he has frequently been asked to speak to various USPS groups, including the Board of Governors, about postal reform and other issues affecting business mailers. Find more information about DATAMATX at www.datamatx.com.