Idiots are Protecting Your Company From Breaches At Your Third-Party Vendor

Look beyond provider’s compliance claims and get down to the technical details

Dark Reading, July 1, 2011, By John Sawyer

Nearly every day now, there's news of the latest data breach: if it's not Anonymous or LulzSec, it's some faceless attacker who has compromised yet another company database or network full of customers' personal information. But what if the breach is at your third-party provider? That was the case with email marketing service Epsilon, whose breach earlier this year exposed the email addresses, and in some cases the first and last names, of its largest customers' users, raising concerns about extensive spear-phishing campaigns to come. Major firms such as American Express, JPMorgan, Best Buy, and Verizon that relied on Epsilon to keep their data safe were faced with telling their customers that the information entrusted to them had been lost, and lost by someone else.

It's a tough situation for both sides, and any organization that relies on a third party to protect sensitive customer data is likely to face this problem one day. But there are steps you can take to ensure your organization's and your customers' personal information is protected.

Before taking the plunge and trusting your data to a third party, establish the expectations that must be met so that both sides are protected and know what to expect of one another. The first is a thorough risk assessment with annual reviews. Depending on the third party and the industry, annual risk assessment and penetration testing might be a regulatory requirement or something the vendor has chosen to perform as a competitive advantage. If the vendor is doing it simply because of regulatory compliance, take the time to review the latest assessment reports and the documentation for its security program: when the assessment was performed, what scope it covered, who performed it, and whether the findings have actually been remediated. Look beyond the "we're compliant, here's our seal of approval" statements, and get down to the technical details.
