You Did What?? IT Security at RightStar

By Dick Stark

In the past week, RightStar has been asked by two separate customers to certify our internal IT security policy.  Both customers are health care organizations concerned about patient personally identifiable information (PII).  As an IT consultancy it is our job to safeguard our customer’s PII by maintaining the appropriate security controls and best practices.  RightStar has an IT Security Policy and provides employee training using the below security scenarios.

Scenario #1: Traveling with a RightStar laptop. You take your RightStar laptop with you when you travel, to use at the customer site and at your hotel at night. Although you normally keep your laptop with you at all times, the one time you leave your laptop in your car, you discover in the morning that it has been stolen. Fortunately, you have a current backup of your important data, and all your email is stored on RightStar’s email managed service provider.  You’ve also password protected your laptop to make it more difficult for the thief to access any data.  Most importantly, you’ve kept no customer or PII data on your laptop.  After calling the police and the RightStar IT Security Officer, you return to the customer site.

Scenario #2: Virus infection. While surfing the internet, you pick up a virus that has severely impacted performance essentially making your laptop unusable. Your only recourse now is a phone call and Webex session with the RightStar Service Desk Team to rebuilt your laptop and restore your data.  This is a terrific time waster for all parties and could have been prevented by only surfing trusted sites and avoiding unsafe attachments and hyper-links. Also make sure you keep your antivirus software and operating system up to date with the latest patches.

Scenario # 3: Personally Identifiable Information. While working with a customer, you’ve asked for their database so you can work with the BMC application at your home over the weekend.  When you arrive home and start the upgrade, you notice that there is PII data, customer names and social security numbers in some of the database records.  You are surprised, because you asked for cleansed data. You decide to complete the upgrade anyway because it is a fixed price job and you don’t want to go over-budget. Good call?  No, immediately notify the customer that you have PII data and permanently delete the data, to ensure that it cannot be recovered.  Call the RightStar IT Security Officer and explain what happened and the steps you took to delete the data. It is better to go over-budget, than risk a security breach.

Just like service management best practices, good IT security processes and safeguards are essential. Release of customer PII data, even unintentionally, could have severe consequences for the organization that we were contracted to support. It’s up to us to recognize what is PII data, how to protect that data, and the steps to take to prevent a security breach from occurring in the first place.

About dick1stark

I am the President and founder of RightStar, Inc, an XTIVIA company. RightStar is a leading ITSM and DevOps consultancy and BMC Software Elite Solution Provider and Atlassian Gold Partner. My passion is customer success—whether it’s reducing the cost of service management, improving overall efficiency, or increasing end-user or employee satisfaction. Since founding RightStar in 2003, RightStar has made the INC 5000 list four times. In 2011, RightStar was awarded the prestigious National Capital Business Ethics Award (NCBEA) by the Society of Financial Service Professionals based upon RightStar’s foundation of honesty, ethics, and integrity. And in 2014, RightStar was selected by Forrester Research as one of 13 North American companies profiled in its ITSM Consultancy Wave Report. In 2019, BMC selected RightStar as its DSM North American Partner of the Year for its sales and partnership excellence. Finally, in November 2020, RightStar was acquired by XTIVIA, an innovative IT Solutions Provider. Dick is a graduate of Stanford University and a Project Management Professional (PMP).
This entry was posted in Business Management, RightStar, Technology Trends. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s