Skip to main content

Who’s Really Responsible for 3rd Party Vendor Breaches?

Information Technology Blog - - Who’s Really Responsible for 3rd Party Vendor Breaches? - Information Technology Blog

Working with suppliers, partners, and third-party vendors has never been riskier to your bottom line. Approximately 63 percent of data breaches come from access outside a company, according to a recent survey.

Some of the most devastating cyber hacks in recent years have occurred because of vendors working with big companies. This means it is not the fault of media companies like many in the media portray.

The Reason More Data Breaches Occur because of Third-Party Vendors.

The volume of third-party contractors may be a factor be a factor in the number of data breaches. More and more big and small businesses are turning to contractors to save on costs associated with hiring full-time employees. They also turn to third-party vendors to fill specific niches such as data analysis or temporary employees. This causes companies to become trust that their data will remain safe. As you hire more and more third-party vendors, have do you ensure data from your customers and clients remain safe?

In 2015, Experian, a credit-processing agency, and other high-profile third-party vendors experienced data breaches. This shows just one data breach from a vendor, partner or supplier can damage your business. For instance, Experian’s database was hacked by cybercriminals. However, it was T-Mobile’s data they took. They confiscated personal data of T-Mobile’s 15 million cellular service customers.

T-Mobile’s CEO was “incredibly angry” about the data breach. He had a right to be angry because Experian didn’t install security patches. Whose job was it to secure data? Many class-action lawsuits are pending against T-Mobile and Experian. This means they are being equally held responsible for the breach.

Many regulators agree that the responsibility of securing and tracking collected, processed, stored and shared data is on companies. As of 2017, New York financial firms are now required to verify vendors’ cybersecurity measures are adequately secure. This is according to 23NYCRR 500.

Trust, but Verify Vendors, Partners, and Supplies

A handshake or contract is no longer the way to do business in the world of data breaches. Today, it about trusting and verifying the trustworthiness of contractors. It also requires verifying that documentation too.

Audits and assessments are the most common ways of vendor verification. Many businesses assessment is good enough. It can’t be good enough. To get the most out of the verification process, keep it simple.

Ask yourself the right questions before creating a verification assessment such as:

  • Does the contractor collect, process or store employee or customer data on your behalf?
  • What does the contractor do on your behalf?
  • What access does the contractor have to our systems, data, and networks?
  • How does a contractor ensure compliance and security measures are being followed by its subcontractors?

Each set of questions you ask yourself should be unique to each vendor you’re assessing. The questions should take into consideration the nature of your relationship with the contractor and what you believe is important to the assessment.

The Assessment is about Quality, not Quantity

It’s always important to take a risk-based approach when carefully crafting your survey. The more concise the assessment questions, the more emphasis on understanding how each vendor uses your data. This means you are better able to identify the security risks with each vendor.

For some vendors, an audit is required. Vendor audits are becoming more popular. One disadvantage is that they are a hassle. This drawback can be remedied.  Find out if your vendor has SOC-2 or a comparable certification. This will put to rest many of the concerns you have and focus on your company.

If you’re sharing highly sensitive information, conduct an audit. If you spot one or two red flags in the assessment, conduct an audit. When conducting an audit, look for threats and concerns to your company. Look to see how each vendor does or doesn’t protect your company.

Trust, but Verify is the New Normal in Business

It is no longer OK to trust your vendors are protecting your client and customer data. Trusting them but verifying that trust is now the rule. Cybercriminals are upping their efforts to hack databases. They hope third-party vendors’ systems are less secure than your company’s system. That’s why you can have the strongest security, but your customers and clients are still data breach victims.

Don’t let your customers and clients become data breach victims. Don’t take the chance that your third-party vendors are compliant and secure. Always trust but verify their security and compliance.

Data is the new currency for cybercriminals. In addition, it causes your business to incur fines, reputation damage and penalties. The opinion of who is responsible for the data breach is changing. Now, you are responsible for protecting your company’s data not your third-party vendor. That’s why you must trust your vendors only after they’ve been verify.

Author Bio: Ken Lynch is an enterprise software startup veteran, who has always been fascinated about what drives workers to work and how to make work more engaging. Ken founded Reciprocity to pursue just that. He has propelled Reciprocity’s success with this mission-based goal of engaging employees with the governance, risk, and compliance goals of their company in order to create more socially minded corporate citizens. Ken earned his BS in Computer Science and Electrical Engineering from MIT.

Republished by Blog Post Promoter

The post Who’s Really Responsible for 3rd Party Vendor Breaches? appeared first on Information Technology Blog.



Udimi - Buy Solo Ads from Information Technology Blog https://ift.tt/2MXR775
via IFTTT
Labels:

Comments

Post a Comment

Popular posts from this blog

9 VCs in Madrid and Barcelona discuss the COVID-19 era and look to the future

Spain’s startup ecosystem has two main hubs: Madrid and Barcelona. Most observers place Barcelona first and Madrid second, but the gap appears to close every year. Barcelona has benefitted from attracting expats in search of sun, beach and lifestyle who tend to produce more internationally minded startups. Madrid’s startups have predominantly been Spain or Latin America-focused, but have become increasingly international in nature. Although not part of this survey, we expect Valencia to join next year, as city authorities have been going all-out to attract entrepreneurs and investors. The overall Spanish ecosystem is generally less mature than those in the U.K., France, Sweden and Germany, but it has been improving at a fast clip. More recently, entrepreneurs in Spain have moved away from emulating success in pursuit of innovative technologies. Following the financial crisis, the Spanish government supported the creation of startups with the launch of FOND-ICO GLOBAL, a €1.5 billi
Post a Comment
Read more

How to Stay Creative and Keep SEO in Mind

Information Technology Blog - - How to Stay Creative and Keep SEO in Mind - Information Technology Blog Search engine optimization (SEO) refers to customizing your website’s content to ensure that web browsers give your website a high SEO score. The sites with the highest SEO scores are featured on the search engine’s first page of search results for relevant searches.  71%  of the click-throughs happen with articles listed on the first page of results on the search engine. This means that if your website’s article is the second (or third, or fourth page), it’s less likely the search user will even see your article. You want your article to be ranking as close to the top of the first page of results as possible. In order to have a good SEO score your site’s content needs to feature keywords and relevant phrases. It must be optimized for easy navigation between pages. It also needs to be referenced via external links that drive traffic to your site. Incorporating all of these elem
Post a Comment
Read more

Digital World And SEO Challenges In 2020

Information Technology Blog - - Digital World And SEO Challenges In 2020 - Information Technology Blog Can you imagine a life without any digital intervention? Certainly not! We are dependent on the assistance of smart gadgets from ordering food to our tables to book tickets for vacations. Humans are utterly reliant on a masterpiece they have built with their incredible intellects. I am amazed by this. Let’s have a broader look into it. The Era Of Digital Marketing We exist in a time where every single business entity requires assistance from the digital market. It has now put an end to conventional marketing practices. To get your product the desired popularity, one must choose an E-commerce business approach. According to a survey , almost 3.4 billion people (approx. 85% of users) spend about six and a half hours browsing the web. Your customers will be more likely to do an online purchase rather than buying it from a nearby store. So, get a cool website built, use the best pos
Post a Comment
Read more