The recent AMCA breach demonstrates that receivables management firms, and the sensitive consumer data we are required to manage, are being targeted by hackers who continue to become more sophisticated.
There are two key lessons every receivables management organization should take away from this unfortunate incident:
1. Compliance with regulations is only part of a cybersecurity plan
As hackers become more proficient, compliance with key security standards such as PCI DSS or HITRUST is only one component of an overall cybersecurity strategy and framework. In this instance, the entity that breached AMCA was present and undetected for 8 months. To appropriately protect the consumer data with which we are entrusted, it requires a strategic security platform that must include 24/7/365 monitoring, detection and response resources.
This requires specialized technology and skills that are not practical for most organizations to build in-house. Specialized cybersecurity firms, such as TECH LOCK, now offer managed security services which include ongoing intrusion monitoring and response as part of a strategic platform that focuses on delivering the desired outcomes for your organization.
2. Require partners with access to your sensitive data to undergo third-party assessments
When it comes to cybersecurity, you are only as secure as your weakest access point. So while it may be tempting to use the lowest cost provider for digital engagement, it is critical that you conduct due diligence and ensure that partners with access to your sensitive data also are appropriately managing cybersecurity risks with comprehensive platforms. It does not benefit your organization to cut costs if it causes you to miss critical security steps that allow a costly breach. It is important to conduct third-party assessments, ensuring that your partners also are protecting consumer data.
If you would like more information about how to develop a strategic security plan, contact firstname.lastname@example.org.