Consumer financial and personal data breaches compounded by the lack of adequate security measures have been a concern for years. However, a recent spate of data breaches affecting even the most ubiquitous and used platforms on the internet, has put hundreds of thousands of individuals’ personal information at risk. But how can you be sure that your company is truly safeguarding your data?
How safe is your data?
Alex has just completed her holiday shopping list for her friends and family. She placed an order for five duvets and three comforters from an online shop for luxury bedding. After trying out the products, Alex realized that she wanted to exchange one of the duvets for a comforter. She reaches out to a Customer Advocate from the online shop who requests her to provide information such as her birth date, address, and the card details that she used to make the purchase in order to facilitate the product exchange.
Alex is one of the 2.1 billion online shoppers transacting with the over 9.1 million online retailers. In the same vein, data breaches globally have reportedly increased by 70 percent in 2022. This means, over 108.9 million accounts were compromised as of October this year. The reality of data breaches continues to pose serious security risks for both the buyers and businesses. According to IBM Security’s Cost of a Data Breach Report 2022, a single data breach can cost a company up to USD 4.35 million. About 20 percent of data breaches are attributed to weak security measures by business partners.
Boldr’s commitment to protecting client and customer data
In September 2021, Boldr began its process of becoming SOC 2 compliant. Getting SOC 2 was the next logical step to upgrade the company’s pre-existing global security measures designed to safeguard customer data across all working arrangements (remote, in-office, and work-from-home). Clients especially in e-commerce were already protected by Boldr’s Payment Card Industry(PCI) compliance. Rida Lukie, Boldr’s ICT Integration and Compliance Manager, has ensured that each layer of security compliance builds on the strengths of Boldr’s existing security infrastructure over the last five years.
SOC or Service Organization Control is a cybersecurity framework created in 2010 by the American Institute of Certified Public Accountants (AICPA) designed to ensure organizations know what to do to protect customer information from “unauthorized access, security incidents, and other vulnerabilities”. The five Trust Services Criteria that comprise SOC 2 compliance are: security, availability, processing integrity, confidentiality, and privacy. After a year of working to ensure all infrastructure, software, people, processes, and data management meet the standards set under each of the five criteria, Boldr reached SOC 2 compliance.
Becoming SOC 2 compliant was a meticulous and rigorous process that involved the independent evaluation and audit of every operational process related to the handling of all kinds of data, especially sensitive customer information. Having risk mitigation systems in place is also a critical requirement of SOC 2 to prevent any disruptions to the business caused by any foreseeable breaches. SOC 2 also ensures that every team member is trained, equipped, and set up to handle client and customer information with the highest level of discretion and integrity. Finally, the SOC 2 audit cycles after 12 months which drives the continuous improvement and optimization of all security measures to remain compliant.
“At Boldr, we consider any breach of data as ultimately a breach of trust. Becoming SOC 2 Certified was a tangible way of providing our clients a recognized and valued assurance that our internal processes, cybersecurity footprint, Infrastructure, and policy controls meet a globally accredited framework. Being globally certified validates our long-standing commitment to provide clients and their end-users the highest level of data protection.” – Ken Northmore, Boldr’s Global Director of Technology and Security.
Being SOC 2 ensures the highest level of security for Boldr’s clients across all service lines
Breaches happen when they are least expected. Getting ahead of these threats and having the mechanisms in place to protect against every vulnerability means clients can rest assured that their data and ultimately, their business is safe. E-commerce and financial services clients can bank on Boldr’s SOC 2 to supplement their own enterprise security. Additionally, partnering with a compliant company is directly beneficial for clients that have yet to begin their own SOC 2 journey as all the benefits of Boldr’s additional layers of security extend to our clients and their customers as well.
Having SOC 2 means clients can grow and scale securely
Reaching SOC 2 compliance also means all systems and processes are primed for scalability. This means that Boldr’s security infrastructure can adapt to the growth of its clients and can provide the same level of data protection at any stage. The iterative nature of the SOC 2 audit ensures that Boldr’s security measures continue to integrate the latest and most up-to-date cyber-security software and performance improvements. This is critical in light of the pace at which new cybersecurity threats emerge.
SOC 2 is integral to ethical outsourcing
Undergoing SOC 2 means becoming rigorously transparent to an accredited third-party auditor. This means internal processes related to each team member such as personal information, performance appraisals, salaries, growth trajectories, have been officially vetted as ethically sound in practice. While being a B Corp is also a formal testament to the quality and veracity of Boldr’s standards, SOC 2 affirms this commitment to operate ethically and adds another layer of accountability.
A continuous commitment to improve for our clients and community
Delivering trustworthy operational excellence to our clients and communities is built on trust. Achieving SOC 2 is only one of the ways Boldr seeks to safeguard our clients’ trust as we continue to create value for them. The next milestone in maintaining and updating Boldr’s security is achieving ISO 27001 certification. From ensuring all internal security control remains fool and fireproof, to building on our PCI compliance by achieving SOC 2, these are verifiable examples of our sustained commitment to keeping our clients’ data and success in safe and capable hands.
Glo Guevarra is the Impact Manager at Boldr. She is currently taking up her postgraduate degree in Labor, Activism, and Development at SOAS University of London.
