The need for convenience and efficiency in accomplishing core management functions should not come at the price of security. No one wants to be the next “big box” chain to compromise client data. Consider these points to keep your company and client data safe when making a software purchase:
1. In the Cloud
It might seem counterintuitive, but statistics show cloud-based computing is actually safer than traditional IT systems¹. We tend to equate control with security, but when it comes to cybersecurity, cloud-based systems are better equipped to offer enterprise-class security protocols than in-house systems.
Imagine the expense of replicating Amazon’s security systems, or how your in-house firewall would fare in a cyberattack compared to Amazon’s systems. The focus of security should be more on access and less on location. Using hosted solutions could also mean serious IT savings for your company, which could be used to help grow the business.
If you choose to adopt a web application or hosted solution, be sure to ask about encryption. The U.S. National Institute of Standards and Technology (NIST) established 128-bit encryption as standard in 2001, and this level of encryption is still sufficient for most types of data². The NSA uses 256-bit encryption for sensitive data, and many online services have moved to require a 256-bit key size as a minimum standard. Bank transactions typically employ this level of encryption, for example.
Not all data is created equal. More often than not, financial information and personal identities are the objects of attack. To keep these safe, any online login form requiring a username and password should be encrypted.
Real-time access points should be safeguarded and encrypted, and so should data backups. Ask whether backed-up data is encrypted.
3. Online Payments
When offering homeowners the convenience of making online payments, security should be the primary concern. The major payment brands (AMEX, Discover, MasterCard, Visa, and JCB) formed the Payment Card Industry Security Standards Council (PCI SSC) as a self-regulatory body to prevent fraud. The payment brands require that all servicers and merchants accepting payments comply with their data and procedural standards. PCI compliance is the most important factor when selecting an online payment processor.
Web portal vendors might offer integration with payment processors and even offer single sign-on (SSO) access to make online payments from within homeowner portals. SSO allows users to make payments without entering a separate set of login credentials on a secondary website. It is important to confirm that your site/web portal uses a Secure Sockets Layer (SSL) connection and that this SSL chain is unbroken in the server dialogues and “handshakes” used to authenticate payments.
4. Free Software
Many business tools are available for free trial or for free download. A common practice with free software downloads is to include a host of unwanted applications, search engines, or antivirus programs. This is termed “bundling” and could expose you to malware or viruses. Adobe Reader is free to download, for example, but McAfee antivirus is bundled with it. This might not be the worst program to have bundled in, but for many, it could still be an unwanted download.
To avoid downloading unwanted bundled programs, slow down and review all of the setup or install screens; bundled programs are often set to be included by default and usually can be omitted by unchecking a box. If you are click-happy or skip the fine print, you could end up with unwanted programs or viruses, and the hassle of rooting them out.