When you work in a central station, your most important task each day is to keep your customers safe by assisting them in potentially some of the most stressful and scary times they may ever face. Some days may be a little slow and you may be more consumed with clearing false alarms instead of facing those life-threatening situations. But we all know that security companies such as Monitronics are ready and willing to help our customers through anything that comes their way.
But have you thought about another situation that could be a different type of threat to your customers? Right now there are criminals out there looking at your central station as a gold mine of information. They are dreaming about the dollars they can make from selling your customer information on the Internet’s equivalent of the black market, and buyers are waiting for someone to sell.
As an alarm industry professional working in today’s modern central stations there are many approaches for securing customer information. Here is one approach that I think sums it up quite nicely: People, Process, Technology. Pretty simple ― three words that provide a framework for security.
Many of you reading this may say, “You know, that sounds an awful lot like the PCI (Payment Card Industry) standards framework.” Yep, it sure does. PCI is a standard that has been around since the late 1990s and came into the mainstream not too long after what is commonly called the “Internet era” began. I am not advocating that PCI is the one and only security standard; however, I like how they describe their framework of People, Process, and Technology when it comes to security. Let’s use this to talk through how this might apply in today’s central station environment.
People
People are the best resource that a central station has when it comes to securing customer information. Encourage the people working in your central station to speak up if there is a concern or if something doesn’t look right, and train them on how they can contribute to the overall security of customer information in a central station. For example, sharing a password with a co-worker might be a quick resolution to an immediate problem, but the risk is not worth it. Discussing sensitive information regarding your customers when you are out to lunch may not seem like a big deal, but you never know who might be listening. Emailing or texting sensitive customer information is more risk than a person should take.
I get one question asked of me more than any other: “Should I be worried about sharing/sending this information?” Most of the time when someone asks me a question like that I return the favor with a question of my own: “If that was information about you and it was on the nightly news or on the front page of the newspaper, how would you or your company feel?” My point is that we should make sure we are using the best resource we have ― our people ― and helping them to understand how to think through these challenges and make decisions that keep our customers’ information safe. Your people are the best investment you can make when it comes to security.
Process
In a central station you are involved in a process all the time. Alarm call comes in, customer asks for help, dispatch the police. Alarm call comes in, false alarm, verify code word, cancel alarm. I am making it sound too simple, but a central station is full of process. Securing customer information in a central station is no different.
It can be pretty frustrating when you are rushing back to your desk after lunch break and all of a sudden you have to change your password because it has recently expired. Or, this one hits home for me, it is raining and you run into the building only to realize that you left your security badge in the car. How about this one, you were hoping to hear from your best friend on your break about the birth of her son but it’s time to head back to work and you have to put your phone in your locker. All of these things are examples of a process that a central station may follow to help ensure customer data is safe. Changing that password regularly helps to ensure that accounts are protected, running back out in the rain to get your security badge ensures that you can be correctly identified in your central station, and locking up your phone ensures that customers’ sensitive information is not accidently revealed.
Process gets a bad name sometimes, but here is another way to think about it: Process is a way to establish helpful boundaries to support your people and company in making the right decisions for your customer.
Technology
I have to admit that technology is the most exciting part to talk about. Being an IT professional there is nothing I like more than a new piece of technology. If I didn’t, it would be, well, almost unforgiveable.
Should you investigate technology that helps you secure your customer information? Yes. Can I tell you what the right technology is for you? No, because I don’t know your environment. But, I can tell you to avoid the temptation of an alluring, shiny object that is calling to you from your friendly technology reseller. In other words don’t fall in love with technology for the sake of technology. Know your people, know your processes, and then go out and find the technology that you can clearly understand (very important) that enables your people and enables your process.
You might be shocked to hear an IT guy say this, but people and process are the solution. Technology just enables it. Technology alone is not a solution in itself. In the security business, people are what truly make the difference, and technology can do a lot of great things for your people. I guess we never know what the future holds, but I have a feeling that people will always be the difference maker no matter the technology that exists.
There are many ways to approach securing your customer information. However, if you are doing business as a central station or looking to do business with a central station make, it a point to understand and apply a People, Process, and Technology focus. When you apply this focus you will be in the right frame of mind to successfully protect your customers’ information.
John Wideman is Monitronics’ senior manager of Data Security and Compliance. He has more than 15 years of experience in technical solutions, data security, and designing and implementing processes to improve productivity and overcome organizational challenges.