Pause before you answer. Details matter and can be the difference between being in business or closing your doors. If your data is stored in a vendor’s database, housed on a vendor’s hardware and network or if your database is accessed by “code” that inserts, updates and deletes the data, be sure you ask them this question: “Are you SOC audited”?
It’s an easy question and if they say NO, you may want to rethink your business reliance upon them. If they say YES, ask for a copy of the SOC report from the audit firm. Audited software vendors make you and your business safer. See also: Take a Look at this CRM Built for Publishers
We recommend that all of your Software vendors provide a SOC 1 Type 2 report to you each year. The SOC report is conducted by a CPA firm that audits the vendor’s security policies, practices and tests their controls.
Every business has an asset that they can’t bear to lose, and for media companies, those assets include money, financial information about clients, and consumers’ personal data. What if your data is stolen, held by ransom ware or simply deleted by a vicious attack? Can you recover? If you thought you were safe because the data is hosted on AWS or Azure, think again.
In 2013 - 2014, Yahoo’s three billion user accounts were exposed in a data breach that wasn’t discovered until 2016. In the breach, names, email addresses, phone numbers and other personal data were stolen and even today, no one is sure what was done with the data. When Yahoo was sold to Verizon, these data breaches were uncovered and the sale offer was cut by $350 million.
The 2019 Cost of a Data Breach Report reveals that businesses contend with significant damages when their systems have been compromised. They lose consumer trust and revenue, pay regulatory fines and increased insurance costs and face damage to their business reputation. The report also noted that the average time it takes to “identify and contain” a data breach is 279 days. That’s up from 2018 and also increases the total cost of the attack.
The best security step you could take for 2020 is to be sure all your software vendors are SOC audited, annually. The SOC1 Type 2 report consists of an audit period from 3 to 12 months. The audit is conducted by a licensed CPA firm and they generate an audit report that tells you if your vendor has the security policies in place and actions taken to enforce the policies that keep your data (intellectual capital) safe from cyber threats or malicious acts.
Your customers are sharing information with you that is vital and they depend on you to protect them from malicious cyber attacks. Thankfully, your business can work with a trusted CRM partner that has a laser focus on data security.
LaunchPad Media Management has recently chosen to undergo an independent SOC 1 Type 2 audit to review our systems to determine how we protect customer data. The SOC audit involved an external auditor testing our internal controls to assert if our processes operate effectively for providing secure services to our customers.
For more information about our SOC 1 Type 2 audit and how LaunchPad protects customer data, contact us or schedule a demo by clicking here.