What is information security?
Information security or infosec is a set of policies and practices that an organisation undertakes in order to protect the information of its users, customers, or employees. An important part of this responsibility is ensuring that the organisation – whether they’re handing their own data or another entity’s data – develops clear risk management processes. Succinctly put by OneTrust, “An ironclad cybersecurity program is a cornerstone to providing assurance to clients, site visitors, and prospective consumers their personally identifiable information (PII) is safe at all times”.
Why is information security important for digital business card providers?
In their most basic function, digital business cards hold Personally Identifiable Information (PII), e.g. full name, phone numbers, emails, addresses, social media profiles etc. Digital business card providers centralise the PII of its users, and therein takes on the responsibility of personal privacy liability for each user.
When using a business card, you can rest assured that you are the only person who can give out your own information. This must remain true for digital business cards. When subscribing to a digital business card platform, you are subscribing to a means of information exchange, and you should not be at risk of your provider taking the reins of exchanging your data at their own prerogative.
The appetite for data privacy and security demands grows every year. A McKinsey report showing that as “consumers become more careful about sharing data, and regulators step up privacy requirements, leading companies are learning that data protection and privacy can create a business advantage”, giving evidence to a growing demand for information security and privacy.
What you can do to make sure your information is secure when choosing a digital business card provider?
We provide our clients with a simple checklist you can use in order to ensure your data is stored and managed securely.
- Seek an information security authority when choosing a digital business card provider. This includes technical employees, online resources, and independent consultancies / services.
- Think about the data that that digital business card service can collect. Do they have an opportunity to collect data that is deemed as private or personal? If so, are they stating how they will use this data?
- Always read the Terms and Conditions. This may seem obvious but it’s the bread and butter to how a digital business card provider intends to use your information now and in the future.
What could the future of information security in the digital business card market look like?
The future of information security for digital business card providers lies in what data is being generated through their usage. There are various digital business card providers that each offer different methods to share contact information. Digital business card providers that require an internet connection to use should require your greatest attention, for if your information is being shared via an internet webpage, data is indeed being collected, processed and possibly sold without full disclosure. All in all, as technology continues to transform different parts of our individual and professional lives, we must be wary of how our personal information is used.
What does Doorway do for information security?
Doorway’s backend has been specifically designed so that Personally Identifiable Information (PII) is encrypted, securely stored, and never shared. We recognise the importance of data privacy and security and will always meet the responsibility of carrying of the personal information stored in your digital business card. Our clients regularly conduct audits of our data privacy & security protocol, and we have been authorised to share the following quote from CBRE:
“Doorway is committed to offering world class data protection standards to ensure client data is safe. The types of data that will be involved with this vendor are Employee Name, Designation, contact number, email, office address. Doorway’s hosting environment is fully compliant with disaster recovery procedures. Their cloud hosting providers maintain multiple certifications for its data centers, including ISO 27001 compliance, PCI certification, and a SOC 2 Type II…this is a reflection of the good controls in place with the vendor and good responses…In summary, based on the Doorway’s responses to the SIG, their documentary evidence, and the use of an industry leading Cloud provider, I recommend approval and affirm that a low-risk rating is warranted and appropriate”.
Furthermore, as a company, we believe in the currency of data privacy and ownership. As we continue to grow our product offerings, we make a firm commitment to keeping our customer and user data private, wishing to be part of a world where you can have trust in the software-based services that help us with our everyday tasks.
We have engaged Ernst & Young as our data privacy & security auditor, and have worked with their team in our achieving SOC II certification.
For further information on all we do keep our users’ and customers’ data secure and safe, please download Doorway’s Information Security Bundle here.
Hugh,
CISO at Doorway
