In early 2017, Equifax experienced a breach that compromised the data of nearly 150 million Americans. If you were to sit down with the CFO of Equifax, he’d probably tell you the fallout has been tremendous. From financial damages, to legal fees, to harm to a company’s reputation, a data breach doesn’t have to be massive to leave a devastating wake. Though a breach can occur via any number of channels, two of the most common vehicles criminals use to access data are vendor and supply chain relationships. Though risk in these areas can never be fully eliminated, it can be mitigated through careful implementation of robust security protocols.
When establishing any new vendor relationship, whether it be with an accounting firm, a payroll company, a consultant, or a janitor, it must be understood that risk becomes shared, and that this could leave you vulnerable. Prior to moving forward with any collaboration, it’s critical to understand each vendor’s security protocol, and to vet them thoroughly. Are they ISO certified? Are their standards as rigorous as your own? Are they well reviewed, or is their track record less than exemplary? NSDS recommends requiring any third-party vendor to acknowledge and commit to adhering to the standards you set for security, and that you consistently evaluate their performance to ensure the standards are being met.
Though most tend to think of data crime as occurring exclusively via cyberattack, the physical security measures you take are also paramount to protecting your data. Consider who has access to your company premises, and install the proper locks and passwords for sensitive areas. Allowing custodial staff unfettered access during off-business hours is a common practice, but leaves data extremely vulnerable. Ensuring areas are monitored and secure, and reminding employees to stay in the habit of securing their work areas and equipment, are excellent ways to deter crime.
Additionally, the importance of training employees to investigate and authenticate transactions conducted on the company’s behalf cannot be overstated. Training employees to double-check offshore account information and encouraging business in countries with cybercrime laws in place are also recommended practices.
If you’re concerned your current security protocol may be lacking, NSDS is an excellent source for auditing, enhancement, and maintenance. Contact us today by calling 978-988-0201 or by opening a ticket with our help desk at www.ns-data.com.