Third party security breaches: How to ensure your data is safe on others’ systems
August 31st, 2017
The reality of today’s cybersecurity landscape is that a company’s security extends to its third-party relationships.
Whilst many businesses are still grappling with their own IT security, it is evident that they must also consider security strategies across the entire supply chain.
Many companies, particularly those overseen by strict regulatory bodies or working to standards such as ISO 27001, will understand the need for managing third parties in terms of data security. Different types of data can be classed as asset-types and categorised, with suitable controls in place. You have to identify what you are trying to protect before you'll see the potential issues revolving around it.
Theoretically, many businesses will be unable to easily control the security of their data once it's with a third party. However, they can check the third party's controls and either sign them off or demand stricter ones, such as Data Leak Prevention or encryption at rest, if necessary. This check should form part of the outsourcing contract. It makes sense for both parties to work to a standard, like ISO 27001, to ease integration and integrity of documentation.
Businesses and their suppliers must take steps to minimise their own IT security risks in the event of a compromise. Many IT users fall into the habit of using similar passwords, if not identical ones, for all their applications, leaving the business vulnerable. To avoid the risk of a data leak, organisations should consider implementing unique passwords for every application, account, and user.
Using multi-factor authentication will add another layer of security. It will make it more difficult for a cybercriminal to use stolen third-party credentials. The rise of the GDPR will also help businesses understand the data they hold and process, both for themselves and others. Provide real-life examples of breaches to help staff understand their role in IT security. This will remind them that they are, in fact, the first line of defence.