Vendors: A Hidden Risk In Your Data Security Program

By Christopher Draven, Client Experience at Umbrella Managed Systems

A data security expert once told me…

“You want to guarantee your data is secure? Lock your computer in a water-tight box and dump it in the ocean.”

Unfortunately, business doesn’t work that way. Protected Health Information (PHI) and Consumer Financial data is everywhere, and organizations track this information to provide basic services. Data is a necessary part of doing business in an ever-connected world. Your data must be shared to be of value.

Umbrella works closely with our clients to secure data and eliminate vulnerabilities. We have successfully fended of Ransomware attacks, Phishing Attempts, and other forms of malware and cyber crime. However, even if your data is hidden behind a fortress of firewalls, there is an often-overlooked vulnerability.

How do your vendors handle the data you share?

There is a growing list of breaches where, through no fault of the client, data was breached. Industries across the spectrum have been targeted, and sometimes the easiest way in is through a trusted vendor. Target is a well-publicized example, suffering a breach of 40 Million credit and debit card accounts.

How did hackers get their hands on the company’s data? Credentials for an HVAC vendor!

Umbrella’s Tips for Managing the Data and Vendor Interactions

  • Does the vendor conduct proper security training?
  • Review the contract – Vendor agreements should include language regarding a vendor’s responsibilities in protecting your data.
  • Organizations governed by regulatory standards should enforce and monitor those same obligations among third-party vendors who have access to your data.
  • Be aware of what data you are sharing and with whom.
  • Limit data to the minimum necessary, even if it proves cumbersome.
  • Verify that data is encrypted in transit and at rest!
  • Does your vendor have a disaster recovery plan in place?

The best tip is to stay engaged with your vendors and discuss your expectations.

Managing vendor relationships can be daunting, especially when the conversation gets technical. The Umbrella ITMS 3.0 Program includes vendor management as a key component. Umbrella can keep on top of your technical relationships and keep your data secure. Contact us today!

0 replies

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply

Your email address will not be published. Required fields are marked *