Business Culture of Security: Do you audit your vendors?

Over the last few months we have examined what your business needs to do:

The next topics to be covered:

  • Audit the security practices of contractors and service providers.
  • Implement information disposal practices to prevent unauthorized access to Private Personal Information.
  • Create a plan for responding to security incidents.

Auditing the security practices of contractors and service providers

You need to look at the companies that provide your cleaning services, payroll, web hosting, cloud services, customer call center operations, data processing and backup, network administration, Human Relations, employee recruiting, insurance and retirement plans. That means any contractor or service provider who has or could have access to the Private Personal Information you collect and store.

Before you outsource any of your information-sensitive business functions, investigate the company’s data security practices and compare their standards to yours. If possible, visit their facilities, website, Yelp and LinkedIn company profile. Do you know what their employees are saying about their customers on Facebook?

Address security issues for the type of data your service providers handle in your contract with them. It would be a good idea to have the contract reviewed by your attorney.

Do they run background checks on the employees who could have access to your information? Often the only people in your business at night are from the cleaning service. It may be months before your employees know their Social Security number is being used by someone to get employment in a different city.

Insist that your service providers notify you of any security incidents they experience, even if the incidents may not have led to an actual compromise of your data. A breach of the vendor’s database may mean you need to notify your customers that their information has been exposed.

Know your vendors. When you hire them, their actions (or lack of actions) could become your problem.


About Bruce Demarest

Bruce Demarest is an Identity Theft Protection Specialist. He has designed and taught classes to educate individuals and businesses in identity theft risk management. The individuals have learned how to continuously monitor their financial identities for credit fraud, plus how to monitor their personal identifying information for unauthorized use. His business clients have become compliant with the federal & state privacy laws. He has conducted information security audits to identify their potential problems and has designed security policies, programs, and practices to address those problem areas.