A Behind the Scenes Look at InStream’s Internal Security Protocols

Pick up a newspaper and you won’t have to dig deep to find yet another data breach story. This year alone we’ve already seen:

  • 20,000 financial advisers’ information exposed by the world’s largest asset manager.
  • More than 24 million mortgage and banking documents unprotected and exposed for at least two weeks.
  • Millions of government files, including documents related to FBI investigations, exposed on a State server.
  • 108 million personal records exposed on online gambling sites.

Oh, and that was just in January 2019.

Our reliance upon data, as consumers, businesses, healthcare providers, and governmental organizations, is ever-expanding. Data has the power to improve everything from daily life (the convenience of Amazon remembering your granola bar preferences) to big business decisions (know what products are most in-demand in which markets). That being said, data can also expose us to serious risks if poorly managed. That’s why we believe companies can never be too responsible in their data security protocols.

Your Data Security Is Our Priority

At InStream, your data security is our top priority. We recognize that in solving our clients’ challenges, we’re frequently working with what can be one of your biggest and most precious assets: data.

We go to great lengths to protect the confidentiality and security of your sensitive data. In this post, we invite you to take a behind-the-scenes look at a few of the security measures and protocols we’ve instituted for protecting the data frequently handled in our outsourced services. (Those services include data entry, fulfillment services, intuitive printing, document conversion, and other services related to managing and processing your data.)

People: InStream Employees Are Professionals You Can Trust.

Diligence and confidentiality are core elements of the InStream company culture. InStream employees are properly trained in helping to ensure that sensitive customer information is always protected. We have detailed, standardized security procedures that employees are trained to follow.

For starters, all employees go through a comprehensive background check and drug test before being hired. Next, all employees undergo security training in which they must review and agree to follow all InStream security policies. However, we know that regular review is necessary for maintaining the highest up-to-date security standards that we expect of our employees, which is why we require all employees to undergo annual security retraining. During annual training, employees have the opportunity to review the standards they already know, as well as learn about our new and updated policies.

Additionally, InStream employees only have access to the information required for the performance of their job responsibilities. This security standard limits the possibility for data compromise.

Equipment: A Chain Is Only As Strong As Its Weakest Link.

Our goal is to eliminate potential security vulnerabilities at the earliest stages possible. This goal affects both how we manage people and equipment. We’ve already touched on a few of our personnel management strategies. Here are a few things we do to create the strongest data security possible:

  • Company equipment can only be used for company purposes and not personal use. Computers, cell phones, and tablets are company property exclusively for conducting InStream business.
  • Personal mobile devices and cameras are not permitted in the service bureau or near customer documents or data.
  • Sensitive data is never shared on insecure data connections. We use a variety of technologies to ensure all data is transmitted with a high level of security.
  • Anti-virus software is installed on each production computer and is updated daily.
  • Access to inappropriate, non-work related websites is blocked from InStream offices.
  • No workstations are left unsecured if unattended. For example, if an InStream employee leaves her desk, she must lock her computer; in the event of a user failure to do so, inactivity will force the computer to automatically lock itself.
  • All InStream computers and networks are password protected.

Organization: SOC 2 Type 2 Certification… And More

InStream has achieved an SOC 2 Type 2 Certification for lockbox services. SOC, which stands for “system and organization controls,” is a security certification that recognizes InStream’s high standards in regards to the storage of customer data. SOC 2 Type 2 certified organizations have undergone an impartial third-party review by a certified public accountant, who has evaluated the security of an organization’s data storage and processing methods. We are constantly expanding similar security and controls to our other lines of business.

Always Striving for Greater Security

At InStream, we’re always looking for new opportunities to improve upon our security practices. From internal policy reviews to pursuing security certifications, we regularly learn and implement better data security practices to keep up with the changing times.
We hope you’ve enjoyed learning about a few of the measures we take with our employees, equipment, and organization to ensure your data security. Of course, this post just begins to scratch the surface of our policies and procedures. Have a question about our data security policies? Please contact us!

3 Core Tech Solutions for Local Governments & County Clerks Blog