
Who’s Really Responsible for 3rd Party Vendor Breaches?


Working with suppliers, partners, and third-party vendors has never been riskier to your bottom line. Approximately 63 percent of data breaches come from access outside a company, according to a recent survey.

Some of the most devastating cyber hacks in recent years have occurred because of vendors working with big companies. This means it is not the fault of media companies, as many in the media portray.

The Reason More Data Breaches Occur Because of Third-Party Vendors

The volume of third-party contractors may be a factor in the number of data breaches. More and more big and small businesses are turning to contractors to save on costs associated with hiring full-time employees. They also turn to third-party vendors to fill specific niches such as data analysis or temporary employees. This causes companies to trust that their data will remain safe. As you hire more and more third-party vendors, how do you ensure data from your customers and clients remains safe?

In 2015, Experian, a credit-processing agency, and other high-profile third-party vendors experienced data breaches. This shows that just one data breach at a vendor, partner or supplier can damage your business. For instance, Experian’s database was hacked by cybercriminals. However, it was T-Mobile’s data they took. They stole the personal data of T-Mobile’s 15 million cellular service customers.

T-Mobile’s CEO was “incredibly angry” about the data breach. He had a right to be angry because Experian didn’t install security patches. Whose job was it to secure data? Many class-action lawsuits are pending against T-Mobile and Experian. This means they are being equally held responsible for the breach.

Many regulators agree that the responsibility for securing and tracking collected, processed, stored and shared data is on companies. As of 2017, New York financial firms are required to verify that vendors’ cybersecurity measures are adequately secure. This is according to 23 NYCRR 500.

Trust, but Verify Vendors, Partners, and Suppliers

A handshake or contract is no longer the way to do business in the world of data breaches. Today, it is about trusting contractors and verifying their trustworthiness. It also requires verifying that documentation.

Audits and assessments are the most common ways of vendor verification. Many businesses believe an assessment is good enough. It can’t be good enough. To get the most out of the verification process, keep it simple.

Ask yourself the right questions before creating a verification assessment such as:

  • Does the contractor collect, process or store employee or customer data on your behalf?
  • What does the contractor do on your behalf?
  • What access does the contractor have to your systems, data, and networks?
  • How does a contractor ensure compliance and security measures are being followed by its subcontractors?

Each set of questions you ask yourself should be unique to each vendor you’re assessing. The questions should take into consideration the nature of your relationship with the contractor and what you believe is important to the assessment.

The Assessment is about Quality, not Quantity

It’s always important to take a risk-based approach when carefully crafting your survey. The more concise the assessment questions, the more emphasis on understanding how each vendor uses your data. This means you are better able to identify the security risks with each vendor.

For some vendors, an audit is required. Vendor audits are becoming more popular. One disadvantage is that they are a hassle. This drawback can be remedied. Find out if your vendor has a SOC 2 or comparable certification. This will put to rest many of the concerns you have and let you focus on your company.

If you’re sharing highly sensitive information, conduct an audit. If you spot one or two red flags in the assessment, conduct an audit. When conducting an audit, look for threats and concerns to your company. Look to see how each vendor does or doesn’t protect your company.

Trust, but Verify is the New Normal in Business

It is no longer OK to simply trust that your vendors are protecting your client and customer data. Trusting them but verifying that trust is now the rule. Cybercriminals are upping their efforts to hack databases. They hope third-party vendors’ systems are less secure than your company’s system. That’s why you can have the strongest security, but your customers and clients can still become data breach victims.

Don’t let your customers and clients become data breach victims. Don’t take the chance that your third-party vendors are compliant and secure. Always trust but verify their security and compliance.

Data is the new currency for cybercriminals. In addition, a breach causes your business to incur fines, reputation damage and penalties. The opinion of who is responsible for a data breach is changing. Now, you are responsible for protecting your company’s data, not your third-party vendor. That’s why you must trust your vendors only after they’ve been verified.

Author Bio: Ken Lynch is an enterprise software startup veteran, who has always been fascinated about what drives workers to work and how to make work more engaging. Ken founded Reciprocity to pursue just that. He has propelled Reciprocity’s success with this mission-based goal of engaging employees with the governance, risk, and compliance goals of their company in order to create more socially minded corporate citizens. Ken earned his BS in Computer Science and Electrical Engineering from MIT.


The post Who’s Really Responsible for 3rd Party Vendor Breaches? appeared first on Information Technology Blog.


