Data Security Goes Beyond Encryption

Over the weekend Bell announced that more than 22,000 SMB customers’ user data was compromised and posted online. So what was the source of the breach? A third-party supplier.

While not directly related to encryption, this particular incident highlights another key aspect of data security that is often overlooked: how partners handle data. In this particular instance, a company Bell works with was hacked and information was stolen. While not a large-scale breach in comparison to recent events in the news, it’s a breach nonetheless.

This really highlights the importance of ensuring all partners and third-party suppliers are regularly audited to guarantee compliance with organizational security policies. Security always starts with an internal look, but should always expand outside the walls of the business. Key things an organization should take into consideration include:

  1. Have you had an independent assessment of the data/information risks within the business?
  2. Have you identified high-risk business associates, partners and suppliers?
  3. Have you validated which information and security controls they have in place and where any gaps may be?
  4. How do you know your business associates are actively managing the security of your company’s data?
  5. Is someone assigned the responsibility of keeping up with privacy and security governance including monitoring outside associates and suppliers?

It’s simple, really, and it’s easily summarized in this graphic:

[Graphic: Ensure Compliance]

While hindsight is typically 20/20, it’s the last thing you want to rely on when it involves the security of your customers’ data.
