The massive hack of Equifax affecting 143 million people and other frequent data breaches have become the norm in news headlines. Equifax and other companies seem to pass the buck and usually blame their vendors.
Indeed, third-party risks are a chief culprit in cybercrime.
Your business associates might be bigger risks for data breaches than you realize. In other words, they’re potentially third-party risks for cybercrime.
It’s not just Equifax. Ask the state of Oregon. And no, it’s not just the failed Oregon ObamaCare Web site, which cost $307 million in taxpayer funds but never got off the ground.
In March 2015, a hacking third party infiltrated a statewide system – the Department of Administrative Services. The agency manages technology for most of the state’s government. Three days elapsed before the state discovered the breach.
In February, outdated software exposed the Secretary of State’s office. The state had to take data for state businesses and election records offline for almost 21 days.
In October 2014, hackers got into Oregon’s Employment Department data for job seekers. The breached data included names, addresses and Social Security numbers, and the state only learned about the breach from an anonymous tip.
Obviously, just like the businesses registered with the state of Oregon and the state government itself, businesses worldwide have third-party risks, too.
For instance, any time you outsource information technology, cloud data storage or social media functions, you’re at risk.
Oregon decided to find an expert to review its information-technology system to identify risks and to provide solutions.
To prevent third-party data breaches, the state and the private sector need to implement best practices:
1. Research the privacy and security policies of any person or company with access to your data – before you do business with them.
2. Confirm with your associates that they conduct professional-level background checks on their employees. Be sure that their subcontractors do the same for their employees, too. Require a guarantee of background checks of anyone with possible access to your system.
3. Strategize for the likelihood of cyber attacks. Make certain to have a suitable plan. Require your associates to prepare, participate and test the plan. Get a guarantee they’ll inform you of any problems.
4. Leave no stone unturned at every phase of your relationships. Perform a vendor-risk assessment. You must continue to identify, monitor and manage the risks – before you commence the relationship, during the relationship and when you end the relationship.
5. Thoroughly research the relationships of your associates. Make sure you know if your vendors are concealing vulnerabilities of their other relationships. It’s not uncommon in business for companies to have nested relationships. Every party must thoroughly protect data.
6. For complete transparency, have an internal comprehensive plan for safeguards. Security responsibilities for critical data shouldn’t be subjected to outsourcing.
7. In addition to your background check requirements, monitor in real time all location risks in any of your offshoring and outsourcing.
8. Encourage everyone you know to share information regarding all cybercrime. This is one dilemma that takes a village to solve.
From the Coach’s Corner, here are more security tips:
Information Security: How to Make the Right Choices — More than ever, businesses, government agencies and consumers are learning costly lessons about due diligence in privacy and data security. A nationally known expert tells how to make the right choices in information security.
Recruiting an IT Professional for Your Small Firm? 6 Tips for the Right Skills — Are you looking to add information technology personnel? You want to hire for a competitive edge, right? IT is a crucial position for you. The difference between failure and success requires reflection to hire for the right competencies.
How to Enhance Security in Your Company’s Wireless Network — Do you take it for granted that your wireless network is secure? Don’t make that assumption. Wireless routers present dangers. Your router is vulnerable to hackers and, hence, security issues. If you’re really serious about security, WIFI might not be for you.
6 Tips to Save Time and Money by Hiring the Right Tech Consultant — If you need to hire an information technology consultant, it can be costly in time and money, if you choose the wrong person. Use due diligence. Sophisticated tech vendors and consultants of all sizes have been known for cost over-runs. Again, certain precautions are needed. Your technology dilemmas can worsen with the wrong choice – whether the person isn’t up-to-speed or simply isn’t the right fit for your organization. Either can cost you time and money unnecessarily.
Tips to Avoid Advertising Scams Tricking You to Ask for Tech Support — Advertising scams that prey on Internet consumers have prompted four Internet companies to band together to fight the abuse. The scams use harmless-looking ads to trick consumers into using phony tech support that actually enables cybercriminals to invade the unsuspecting owners’ devices.
“I know a baseball star who wouldn’t report the theft of his wife’s credit cards because the thief spends less than she does.”