Retail giant Target suffered a massive data breach last December that eroded its reputation and its bottom line. How did this happen? Apparently, hackers gained access to Target’s IT infrastructure via a third-party HVAC contractor that was connected to their network.
This security disaster illustrates the risk that many businesses face when contracting with third parties and outside vendors – especially small businesses that rely on external expertise but do not often have the processes in place to police a service provider’s security practices.
Third party contractors can introduce risk by accident or inattention, causing changes in the way a company’s infrastructure is used and creating the potential for significant data breaches or other weaknesses in the system.
Contractors that gain access to a company’s sensitive data and systems can also introduce malware if they are accessing a company’s infrastructure with their own software and hardware. Outsiders with lax security practices pose a real risk, since their own employees could gain unauthorized access to proprietary data and customer information.
In order to mitigate third-party security risks, businesses should consider implementing the following procedures:
Change passwords. Hardware is shipped with default passwords, which should be changed as soon as you take delivery of new equipment. Insist that your contractors change passwords on any devices they use to access your system.
Use several levels of authentication. Contractors that access company systems – especially if they are doing so from remote locations — should be required to navigate several levels of authentication to ensure connections are secure.
Keep testing your security. Periodically test your security procedures to ensure they are being adhered to by both employees and external contractors.
Security breaches can put the future of your business at risk. To ensure the necessary policies and procedures are in place to keep your business secure, contact us to schedule your comprehensive LIFT™ (legal, insurance, financial and tax) Foundation Audit.