As we look toward a post-pandemic world, our ability to respond to, and recover from disruption is dominating discussion across the C-suite in practically every industry.

The majority of Australian organisations are concerned about growing security risks from increased organisational complexity, according to PwC’s 2022 Global Digital Trust Insights Survey.  In fact, more than 60% expect a surge in reportable incidents next year, compared to 2021 levels.

“Ever more sophisticated attackers are plumbing the dark corners of our systems and networks, seeking — and finding — vulnerabilities,” says PwC Australia. “Wherever there’s a weakness – an unprotected server, an exposure in remote access or lack of cyber awareness — attackers will use every means at their disposal, traditional as well as ultra-sophisticated, to exploit it.”

Despite this, many leaders are neglecting supply chain cyber risks, leaving businesses exposed and vulnerable to security breaches. Nearly half have an insufficient understanding of the risk of data breaches through third-parties, while nearly one-fifth have little or no understanding at all of these risks.

These challenges are occurring against the backdrop of a fast-changing privacy landscape. Regulators are becoming more active in investigating compliance and enforcing privacy and consumer rights relating to personal information. A wide-ranging review of the current Privacy Act is expected to transform how companies protect and manage their personal data.

For companies looking to realise efficiencies from offshore talent, finding a provider with proven security expertise and mature data and security practices is non-negotiable. But it’s often easier said than done.

The two most common mistakes made by businesses when assessing offshoring providers include:

> Not adequately vetting security credentials

Is the provider ISO27100 certified? This is a baseline requirement for any offshoring company as it means they have proven processes and policies in place to ensure the confidentiality, integrity and availability of the data they manage.

Are they GDPR compliant?  If your business collects and processes EU data, your offshore provider must maintain compliance.

Do they demonstrate a thorough working knowledge of the Australian Privacy Principles (APP) and how these will apply to your offshoring agreement?

> No emphasis on security in the contract

For all the risks and regulatory requirements mentioned above, IT security should be front and centre in your service agreement and part of every conversation. Leading providers will clearly state all of their data protection and security management practices, so you know exactly where you stand.

So, what steps can you take to ensure your offshore provider offers best-practice security standards?

These three tips should be top of your list:

1. Open door policy

Leading providers will encourage you to examine their security frameworks. They’ll welcome your questions and explain the measures they use to keep your people, equipment and data safe. They’ll provide you with a clear understanding of their obligations and yours.

2. No surprises

There should be never be a “but we didn’t discuss it” moment. To mitigate this, ask the provider to step you through their approach to maintaining device security, workplace security and employee security. You should also request access to the policies they use to uphold ISO27100 certification.

3. Ask the important questions

What is the provider’s Microsoft Security Score? Who is responsible for a breach – and does the provider have a data breach response plan? What happens in the event of disruption or disaster?

OBS is a leading offshore provider for small businesses and large enterprises. Reach out to find out how we maintain the highest levels of security achievable, to keep your people and data safe.