Page 48 - Cyber Warnings
P. 48
Outsourcing Data- Don’t Take a Fairy Tale Approach
A vendor breach- your client’s data suddenly spilled out into cyber-space- can be every bit as
devastating as a breach taking place within your own organization!
It’s late Friday afternoon and mentally you’re out the door…well on the road to Happy Hour
somewhere. Answering the suddenly ringing phone is low- very low- on your to-do list.
Your weekend dreams vanish as the caller- your biggest vendor- informs you that they’ve been
breached...their data has been compromised. A split second later your stomach flip-flops….their
lost data is actually your lost data.
If your company’s like a great many of us, you are moving data offsite. Streams of information
literally fill the clouds, constant flows crisscrossing the world in never-ending migrations. We
outsource data for many reasons: processing, storage…and more. But once your data arrives
at its new home… how secure is the vendor?
Taking it on faith that your business partner is utilizing safe practices is at best naïve. Like
Hansel and Gretel happily strolling into the witch’s gingerbread house, we tend to visualize our
vendor through rose-colored glasses. They’re the experts- they host dozens of companies,
right? What can possibly go wrong?
Suddenly though, our vendor’s suffered a data breach. Off go the glasses- we find our prized
data’s been handled as confidentially as recycled junk mail! What do we do?
While no company’s processes are identical, there are steps we can weigh if we’re going to
safeguard our client data.
Step One: Vet your new vendor as thoroughly as you would a new employee! The
relationship is similar. Your customers have entrusted their personal information with
you, and in essence, you’re giving the vendor- just as you would your employee- the
keys to the castle when you outsource that confidential client data to him.
Ask yourself too…who selects the vendor? Is it your IT area or the business side? All
too often, it’s exclusively a business-side decision. This is a recipe for trouble. We
understand that business drivers are important, but the IT department’s ability to add
technological advice is vital to the selection process.
Remember, as you vet the potential vendor, you’re building a risk-profile. Clearly, this
relationship works best when the risk is low. If the data’s compromised, at the end of the
day- whether it’s your organization or a company you’ve chosen- it’s all the same to your
client. It’s his personal information that’s been compromised.
48 Cyber Warnings E-Magazine – February 2016 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
