Data security in outsourcing: what you need to know

Mark Engelmann
Mark Engelmann
    3 minute read

One of the most frequently asked questions about outsourcing to the Philippines is whether customer data, privacy and information will be secure. With the latest changes to Australian privacy, data and information management legislation, this is a crucial topic that can’t be overlooked.

One of the most surprising things about data security in the Philippines is that the level of security can actually be far higher than what we commonly find in Australia. In the Philippines, Australian business can easily access services with world leading security protocols and infrastructure.

Read on to understand how to protect your data when outsourcing offshore to the Philippines.

Outsourcing models

The first, and arguably biggest, risk when considering outsourcing offshore comes when choosing an outsourcing model for your business. There are a variety of options, including seat leasing, staff leasing, freelancers and teams working from home.

Setting up a Philippines-based team of freelancers, or staff who work from home, is typically fraught with risk across many business aspects, including security. Data security and privacy protection can be hard to manage due to lack of control over the operating space, and the tools and equipment used. The physical location is normally unsecure, and computers may not be adequately protected against viruses or threats, or secured against data theft.

Secure Business Process Outsourcing (BPO) facilities

If you opt for working with a BPO, it’s important to remember that not all BPOs have equivalent security protocols or infrastructure. While some security features are quite common across BPOs, others are best practice yet not frequently implemented.

If data security and privacy is important to you and your business, there are some best practice security features that should be on your radar:

  • External entrance security

    To prevent unauthorised access to the building, it is common to see security guards stationed at main entrances or in foyers. Additional security should include keypad access which not only prevents unauthorised entry, but also restricts employees from entering the building after hours.
  • Main operations area access

    There are three levels of access that are typically seen across BPOs: no security mechanism, swipe cards and biometric devices. Swipe cards and biometrics are obviously preferred, however biometrics have a distinct edge with security. Where swipe cards can be stolen, lost or swapped, biometrics rely on fingerprint scanning of pre-authorised personnel only.
  • Mobile phones and devices

    Some BPOs allow mobile phones in the operations area and others allow them only with the client’s permission. Given that most BPOs are shared workspaces, best practice is for mobile phones and other devices to be left in a secure locker facility before entering the operations area. Staff can then access their devices during breaks.
  • USB/Hard drive access

    To prevent data theft and protect privacy, absolute best practice is for USB ports to be disabled on all computers.
  • Cloud-based program access

    One of the growing issues with cloud-based computing is the ability to lock down employee access after hours and on mobile devices, which can possibly be viewed by colleagues, friends or family members, or stolen. Some BPOs have now implemented single sign-on software to combat this issue, with great success.

Secure your data

Arm yourself with the knowledge to make security-conscious business decisions. Have a look at the security questions you should be asking, plus more, with our 33 questions to ask your outsourcing provider.

Airplane 3

Business growth tips delivered to your inbox weekly

Airplace 6
Boost your knowledge about offshoring, register for our education series here.