Sherlok’s Adam Grocke warns that cost-cutting measures in offshoring, such as hiring unverified remote workers, are exposing brokers and their clients to significant data breach risks due to inadequate security and oversight.
Imagine receiving a call from your trusted accountant or financial planner: “I’m sorry, but there was a data breach, and your information is now on the dark web. This happened because I chose to save a few bucks by hiring someone offshore whom I’ve never met, to handle your sensitive data unsupervised from a place I’ve never seen.”
Ouch!
Here’s how we uncovered a trend that poses serious risks to brokers, their businesses, and their clients’ data.
About eight months ago, brokers began asking if Sherlok could completely manage their client retention – handling annual reviews and repricing automatically. This led to the creation of Sherlok Managed Service, where we provide brokers with an offshore team member dedicated to retention tasks.
Initially, we found that brokers were using credible, ISO-certified offshore providers with secure office environments. However, as we dug deeper, we discovered a worrying shift: some brokers, aiming to cut costs, bypassed these providers, hiring offshore workers directly and allowing them to work from home. This approach cut costs from $2,500 to $1,500 per month per person, but introduced significant risks.
While saving money might seem appealing, this trend leaves brokers – and their clients – vulnerable to cyber attacks, extortion, and data breaches.
Data security: The silent threat
Research shows that over 80 per cent of cyber incidents are caused by human error. Simple mistakes – like clicking on phishing links, leaving laptops unsecured, using unprotected Wi-Fi, and working in shared spaces – can lead to severe breaches.
Without proper cyber security training and oversight, these risks multiply. If you’ve hired an offshore team member working from home, who ensures they follow secure protocols? Often, no one.
Insecure workspaces: A breach waiting to happen
Home workspaces in developing countries often lack the security infrastructure we take for granted. Homes may have weak locks, unreliable internet, no security systems, and multiple occupants, all of which increase the risk of unauthorised access to sensitive data. How do you know who’s in the house or who has access to your clients’ data? You don’t.
Extortion: The real-life horror story
Extortion isn’t just a plot from a movie; it’s a real threat. A single passport image can sell for $1,500–$3,500 on the dark web.
Offshore workers, especially those working from home, are prime targets for criminal organisations. For someone earning $1,500 a month, the temptation to comply with extortion demands is significant.
This risk is much lower in secure office environments with strict access controls.
Lack of oversight: The hidden cost of saving money
Without proper oversight, it’s easy for standards to slip. We recently spoke with a broker who hired an offshore worker directly. The worker frequently had internet issues and was often unavailable. It turned out the employee was ‘unavailable’ because they were working for multiple brokers simultaneously, each believing they had full-time, exclusive support.
Who’s responsible? Accountability and insurance
When a data breach or cyber incident occurs, who’s on the hook? If you’ve partnered with a credible, ISO-certified provider, their insurance likely covers such incidents, potentially saving you thousands. But if you’ve hired someone directly, the liability falls squarely on you.
Even with insurance, you may be exposed if you can’t prove proper security protocols, background checks, and work-from-home policies were in place.
No one wants to tell their clients they took shortcuts to save money, especially when it leads to a serious breach.
What should you do? Protecting your business and clients
If you’re outsourcing, it’s crucial to use a certified and credible provider. For example, at Sherlok, we ensure security by:
- Partnering with an ISO 27001-certified provider.
- Ensuring offshore team members work from secure office environments at all times.
- Having secured, monitored laptops that cannot be taken home.
- Ensuring systems are locked down and monitored for breaches and suspicious activity.
- Preventing data from being downloaded.
- Mandating background checks for all team members.
- Restricting access to necessary data only.
- Having laptops without external ports.
- Ensuring teams work under strict supervision with accountability across members.
- Installing security cameras for additional oversight.
The risks of cutting corners simply aren’t worth it. By taking these precautions, you protect your business and maintain the trust your clients place in you. Don’t let cost savings lead to costly mistakes.
Adam Grocke is a former mortgage broker who launched customer retention software Sherlok in 2021.
JOIN THE DISCUSSION