During the current digital era, hackers have become, in a word, creative. They have come to use the most unexpected systems to gain access to company data. According to the New York Times, an oil company was hacked using an online Chinese takeout menu used by its employees. Target was breached through its heating and air conditioning system. Hackers have also used printers, thermostats, audio visual equipment and more to gain access to private information.
The constant in all the above examples is a third party’s involvement. We know of the dangers of email and employee devices. Yet no one thought that third parties, those people we do business with, also have access to our company’s private information.
Protecting your company from the inside is a vital step in guarding private information. After following proper in-house protections, you must recognize the need to protect yourself from outside sources as well. Most third parties you work with have access to your private information. When you consider a potential addition to your supply chain, make sure to check their security.
In the last year, 23% of breaches were credited to third-party negligence. Even if you have a top notch security system, the only way you can reduce the risk of data breaches is to make sure your third parties are equally safe. Data analytics software, health insurance providers, heating and air-conditioning companies and human resource systems, such as billing or expense software, have access behind your company’s firewall and access to your private data.
For example, vending machine companies connect remotely to a company’s network to check on their supply levels. This convenience comes at a high price. Hackers can easily use this hole in your system to piggyback off the vending machine company and enter your network. Third party providers do not always have the same high standards as the companies they work with. If you need to protect your data, make sure your third party provider has proper security. You should also use file-based security to narrow the security gap between you and your third parties.
To learn more about data security, click here.