
Who’s Really Responsible for 3rd Party Vendor Breaches?


Working with suppliers, partners, and third-party vendors has never been riskier to your bottom line. Approximately 63 percent of data breaches come from access outside a company, according to a recent survey.

Some of the most devastating cyber hacks in recent years have occurred because of vendors working with big companies. This means it is not the fault of media companies, as many in the media portray.

The Reason More Data Breaches Occur Because of Third-Party Vendors

The volume of third-party contractors may be a factor in the number of data breaches. More and more big and small businesses are turning to contractors to save on costs associated with hiring full-time employees. They also turn to third-party vendors to fill specific niches such as data analysis or temporary employees. This causes companies to trust that their data will remain safe. As you hire more and more third-party vendors, how do you ensure data from your customers and clients remains safe?

In 2015, Experian, a credit-processing agency, and other high-profile third-party vendors experienced data breaches. This shows that just one data breach at a vendor, partner or supplier can damage your business. For instance, Experian’s database was hacked by cybercriminals. However, it was T-Mobile’s data they took: the personal data of T-Mobile’s 15 million cellular service customers.

T-Mobile’s CEO was “incredibly angry” about the data breach. He had a right to be angry because Experian didn’t install security patches. Whose job was it to secure data? Many class-action lawsuits are pending against T-Mobile and Experian. This means they are being equally held responsible for the breach.

Many regulators agree that the responsibility for securing and tracking collected, processed, stored and shared data lies with companies. As of 2017, New York financial firms are required to verify that vendors’ cybersecurity measures are adequately secure. This is according to 23 NYCRR 500.

Trust, but Verify Vendors, Partners, and Suppliers

A handshake or contract is no longer the way to do business in the world of data breaches. Today, it is about trusting contractors and verifying their trustworthiness. It also requires verifying their documentation.

Audits and assessments are the most common ways of vendor verification. Many businesses believe an assessment is good enough. It can’t be good enough. To get the most out of the verification process, keep it simple.

Ask yourself the right questions before creating a verification assessment such as:

  • Does the contractor collect, process or store employee or customer data on your behalf?
  • What does the contractor do on your behalf?
  • What access does the contractor have to your systems, data, and networks?
  • How does a contractor ensure compliance and security measures are being followed by its subcontractors?

The set of questions you ask yourself should be unique to each vendor you’re assessing. The questions should take into consideration the nature of your relationship with the contractor and what you believe is important to the assessment.

The Assessment is about Quality, not Quantity

It’s always important to take a risk-based approach when carefully crafting your survey. The more concise the assessment questions, the more emphasis falls on understanding how each vendor uses your data. This means you are better able to identify the security risks with each vendor.

For some vendors, an audit is required. Vendor audits are becoming more popular. One disadvantage is that they are a hassle. This drawback can be remedied. Find out if your vendor has SOC-2 or a comparable certification. This will put to rest many of the concerns you have and let you focus on your company.

If you’re sharing highly sensitive information, conduct an audit. If you spot one or two red flags in the assessment, conduct an audit. When conducting an audit, look for threats and concerns to your company. Look to see how each vendor does or doesn’t protect your company.

Trust, but Verify is the New Normal in Business

It is no longer OK to simply trust that your vendors are protecting your client and customer data. Trusting them but verifying that trust is now the rule. Cybercriminals are upping their efforts to hack databases. They hope third-party vendors’ systems are less secure than your company’s system. That’s why you can have the strongest security, yet your customers and clients can still become data breach victims.

Don’t let your customers and clients become data breach victims. Don’t take the chance that your third-party vendors are compliant and secure. Always trust but verify their security and compliance.

Data is the new currency for cybercriminals. In addition, a breach causes your business to incur fines, reputation damage and penalties. The opinion of who is responsible for a data breach is changing. Now, you are responsible for protecting your company’s data, not your third-party vendor. That’s why you must trust your vendors only after they’ve been verified.

Author Bio: Ken Lynch is an enterprise software startup veteran, who has always been fascinated about what drives workers to work and how to make work more engaging. Ken founded Reciprocity to pursue just that. He has propelled Reciprocity’s success with this mission-based goal of engaging employees with the governance, risk, and compliance goals of their company in order to create more socially minded corporate citizens. Ken earned his BS in Computer Science and Electrical Engineering from MIT.


The post Who’s Really Responsible for 3rd Party Vendor Breaches? appeared first on Information Technology Blog.


