Data Security and Vendors

Posted by & filed under Insurance News.

20 years ago most people stored their data in file cabinets; today businesses spread their data over various platforms and vendors. Cloud storage has allowed us to move from on-site storage and secure servers to a place where virtually anything can be accessed anywhere by nearly any type of device.

The way we share company information has changed, as many marketers tend to opt for a platform that will let them post to various social media sites at the same time – while allowing them to analyze the performance of posts.

Data Security has changed from stolen physical documents to data breaches. Massive data breaches have occurred at Sony, Target and many more over the past 24 months. Bugs like Heartbleed and Shellshock, as well as ransomware have been used to attack businesses large and small. Data security is not just something that your IT staff should be concerned about. It’s something that everyone from marketers to everyday production staff needs to understand.

In most cases, the cause of a data breach boils down to how diligent an employee is with sensitive data, however, there have been recent cases were lapses in security were due to a vendor’s security. As noted above, the Target breach and SSL vulnerabilities were caused by or took their toll due to vendors. Affected companies immediately fixed the vulnerabilities soon after the attack went public, however, the fact still remains that data was vulnerable due to a 3rd party vendor.

Creating and implementing a data security plan with vendor guidelines is something that will help negate some of the threats a business may face. Below are a few tips to getting started with implementing a data security plan and reviewing vendor credentials.

Before entering into any contract, a business should always look at everything regarding their vendor, including their own security measures. By knowing how safe their information is and the steps they take to ensure its safety will allow a business to gauge the possible risk of a data breach.

Have A Plan
Even though a vendor may seem relatively secure there is always the possibility of a hack, as hackers are constantly coming up with new methods and entry points to attempt to steal data. It is imperative to understand how data is stored and accessed. Being prepared for a possible data breach and having a pre-existing plan in preparation of a data breach is something that all companies should have, but may not have completed. A quick search will reveal a variety of articles dedicated to advising businesses to draft a data security plan incase a breach takes place.

Test Your Plan
But how good is that plan if it not implemented? Making sure that the drafted plan can be executed as planed is important. Testing is key for a data beach plan to be successful; many businesses would not allow their products to reach consumers until they have been fully tested, so why would any company not fully test their own security measures as well?

Always Backup
As noted earlier Cloud storage has made storing and retrieving data easier than ever, however, despite its ease, maintaining proper backups of company information and an inventory of that information are very important. It is a rare event, but sometimes cloud servers go down and users can be left without their data; maintaining an up-to-date backup of the cloud data will allow the business to function as normal when a cloud server may be down.

“The Cloud” vs The Cloud
Understand the difference between vendors who promote “The Cloud” versus a well-designed, architected solution hosted and backed up in a secure Tier 3 or 4 data center network. Many supplicated software vendors realize their core competencies are better served by deploying managed services that help define and stay current on data security.