Rermag 5772 Thinkstockphotos 459878353 1
Rermag 5772 Thinkstockphotos 459878353 1
Rermag 5772 Thinkstockphotos 459878353 1
Rermag 5772 Thinkstockphotos 459878353 1
Rermag 5772 Thinkstockphotos 459878353 1

The Trend Of Trust: Data Security Extends to Outside Parties

May 1, 2016

The time is long gone when a rental business could be secured simply by locking the premises. The advent of rental management systems in the 1980s raised awareness about protecting information from loss, theft and competitors. This was stage one of rental data security; although back then the risks were still largely on-premises.

In more recent years, the rental data environment has absorbed two evolutions in technology. Stage two is the introduction of the SaaS (software as a service) model, where a software vendor hosts a rental business’ applications and data on a remote server. Stage three is mobility: the use of Internet portals and websites, apps on mobile devices, and other web-enabled functions such as card processing and delivery routing.

The common denominator, from a security standpoint, is the increasing involvement of software vendors and third party providers. These must be highly trusted relationships, because they impact both business continuity and data integrity. Here are some considerations that address the growing trend of ongoing involvement by outside parties.

How strong is your system’s built-in security?

Fundamental data security is the responsibility of the vendor who designed your software. When certain employees within your company intersect with certain business functions, oversight should be required – as when a newly hired employee tries to override a rate. Security tools should be robust but simple for you to use, so that if someone leaves your employment, for example, total access can be shut off with one click.

How rigorous is your hosted environment?

If you opt for a hosted solution such as SaaS, you’ve outsourced some aspects of data security to your software vendor. This can be a plus – software vendors typically have more rigorous data security measures than the average business. Nevertheless, it pays to check into your vendor’s processes. Is the vendor backing up your data consistently? What is the protocol if a server fails? Are they staying on top of innovations and new threats? Is there a log of user activities that will identify data intruders? You have the right to ask all these questions and more.

Make sure that your vendor has a periodic audit process in place. One common example of this is the Service Organization Control (SOC) audit, which generates a written report documenting internal controls. Whatever the nature of the audit, it should ensure that appropriate security controls are in place and processes are being followed.

How reliable is your local tech provider?

Most people think of outsourcing as a long-term contract with a large vendor. But if you own a small rental company, you may use a local service tech for system maintenance. In this kind of outsourcing, security practices may be marginal. Be sure to inquire about security policies before hiring a local provider, and ask for their professional credentials. If you give a relative, college student or other non-professional access to your data, you’re playing Russian roulette with security.

Are Internet-based backups secure?

The answer is a slightly qualified “yes.” While nothing that travels on the Internet can be deemed 100 percent secure beyond any doubt, remote backups are far superior to on-premise backups. The process eliminates exposure within your rental business, and offers data encryption and password-protection to prevent unauthorized access. Backups are automatically verified to minimalize data gaps in the event of a disaster.

Whether you use your software vendor or a third party data center for backups, your provider should maintain redundant storage (dual servers that store your data, in case one goes down) or have a way to switch over seamlessly to an alternate facility.

How quickly can you recover in a disaster?

When a crisis involves an entire community – such as a tornado or flood – rental companies are often at the heart of the recovery. You’ll want to get your business operating as quickly as possible, not just from a revenue standpoint, but also to help your customers. With more isolated disasters, such a fire at the rental business or a server breakdown, the stress and loss of business can be just as traumatic.

You can’t prevent a disaster, but you can prepare for it. Review disaster recovery procedures with the company that performs your backups. Ask your software vendor what steps you should take if your server fails. With a good plan in place, and access to a remote server, the loss of business can be minimal. This was the case not long ago when one of our customers lost their rental location to a fire. They were back in business within a few hours working from a trailer on site, with their data safe and secure in the hosting facility, ready to go when they were. 

Are you on top of the easy wins?

Some of the easiest security measures are often overlooked. Avoid sharing passwords, change passwords periodically and never write login information on sticky notes. Monitor system use by disgruntled employees, lock signed e-documents before transmitting them, and take all other reasonable measures to protect your data.

Ultimately, security disciplines are the most effective barrier to risk. This is a responsibility you share with your software partner, your third party providers, and your own business team. If trust is an issue with any individual or company who accesses or maintains your data, the time to take action is now.

Matt Hopp is general manager of InTempo Software: intemposoftware.com