Companies can put a lot of work into protecting their own networks and avoiding costly data breaches. But breaches that occur at third-party vendors and other business partners can cost organizations just as much.
When adding up the costs of a data breach, it doesn’t matter much which company’s “fault” the incident was. While some service providers assess penalties for security issues, the company could still be subject to costly legal action, a diminished reputation and whatever damage is done with the stolen information.
That’s the lesson Bank of America learned recently after an attack from the hacktivist group Anonymous.
The group claims it has 14 GB of data belonging to the bank — as well as Thomson Reuters, Bloomberg and a service provider called TEKsystems — that hackers stole from an unsecured server in Tel Aviv. Based on emails included in the stolen data, the group has surmised that Bank of America had contracted with TEKsystems.
The bank didn’t confirm that — but officials did say the data breach was the fault of a third party and that its own network was never compromised.
Protect data from third-party breaches
Regardless of where a breach takes place, companies need to protect their data. And checking on the security of third parties is becoming even more critical as cloud computing becomes more common.
As more organizations turn to cloud services, more data is being held outside of the in-house network and on the networks of third parties.
To protect that data, here are some of the key security-related questions IT pros or others should ask cloud computing vendors before signing up for a service:
- What are the policies and procedures in place to protect the physical data center, including the process for vetting employees who have access to clients’ data?
- What technology is used to keep one client’s data separate from others’ on multi-tenant servers?
- What encryption protocols does the vendor use to protect data in transit and at rest?
- What authentication protocols does the vendor use to prevent access by unauthorized users?
- Does the vendor properly handle data to comply with government regulations concerning privacy and security that your company must follow?
- What are the vendor’s own audit procedures? Is it possible for you to audit them?