Monday, March 31, 2014

Jason Atchley : Legal Technology : Your Cybersecurity is Only as Good as Your Vendors'

jason atchley

Your Cybersecurity Is Only as Good as Your Vendors'

In-House Straight
, Corporate Counsel

As the number of cybersecurity breaches continues to rise, The New York Times is reporting that major corporations are requiring their law firms to increase security and then prove they did so.
Aditi Mukherji on FindLaw’s Free Enterprise suggests that small business owners should consider adopting this same tactic, especially with vendors. Mukherji reminds everyone the Target hackers breached the chain's security systems by using electronic credentials stolen from a vendor, adding such breaches also put the company and owner at risk for legal liability.
Requiring a vendor to show proof of cybersecurity is one way to hold the vendor accountable, says Mukherji, as well as ensuring reliability and consistency in overall online security efforts.
Here are some practices Mukherji says must be addressed immediately:
  • Distribution: Be sure the vendor isn’t putting sensitive files on portable thumb drives or emailing documents to unsecure iPads.
  • Networks: Find out if vendor computers are linked to a shared network in countries like China or Russia, where hacking is prevalent.
  • Access: Determine how many people have access to sensitive information; the greater the number, the bigger the risk.
  • Proof of vendor cybersecurity should be one facet of a larger security plan that extends to other business relations, Mukherji advises.

Read more: