Where do cyber criminals focus their attacks? On the organisations with the information of most interest or highest worth, naturally enough.
When enterprises such as health insurance providers and supermarket chains hold millions of customer names together with social security numbers or credit card details, they become preferred targets for hackers.
One successful attack can garner huge amounts of valuable data, which beats launching millions of separate attacks against one end customer at a time (even if that were possible).
The same holds true for businesses as for private customers. If you have not yet put the following information security questions to your third party service suppliers, now is the time.
Third party suppliers can hold a surprisingly large amount of information about businesses like yours, and about your customers too.
They may need this information to operate properly on your behalf, for delivering your products, invoicing your customers, or other functions they perform for you. However, you need to know:
- The types, quantities and levels of confidentiality of data you entrust to third party providers
- The security that those providers apply to safeguard your information
- Whether or not they keep your information on systems operated by another party (cloud providers or others)
- Whether special procedures are followed to cordon off your information from that of other clients, covering access, modification and transfer, and the logging of each of these activities
- How the third party tracks security and detects possible data breaches, and how you would be notified if such a breach were to occur.
Data boundaries are no longer defined by the physical perimeter of the enterprise.
You must therefore ensure that whoever has legitimate access to your data and possibly the data of your customers takes precautions that are no less stringent than your own, and will also sign a contractual agreement to that effect.