Given new regulations soon to be finalized by the Canadian government, it becomes more critical than ever to ensure that your third parties make data security a top priority and notify you right away when an incident or a breach is discovered.
Data Breaches Abound
A number of useful surveys highlight that third-party risks are significant. A survey by Soha Systems places the percentage of all data breaches linked directly or indirectly to third-party access at 63 percent. Another study, from the Ponemon Institute and sponsored by BuckleySandler and Treliant Risk Advisors, indicates that 37 percent of respondents didn’t believe vendors would notify them of a data breach. When the vendor is further removed (for instance, a contractor of a subcontractor), the lack of trust is exacerbated, raising that number to 73 percent. The Ponemon Institute also published a white paper this past summer indicating that when a third party is involved in a data breach, the cost of the breach is significantly higher.
Regaining Control of your Sensitive Data
As IT departments continue to outsource key functions to outside professionals, it becomes more important than ever to ensure that third parties have strong security policies and practices in place. Outsourcing by its very nature involves a loss of control over the information you’ve been entrusted with, but through regular audits and investing in building a strong relationship with vendors, you can gain some of that control back.
It is also important to ensure your organization has adequate internal security expertise (and that means hands-on experience, not just book smarts) that provides an in-depth understanding of the risks to data and can direct service providers on the organization’s security expectations. Knowledge is power when it comes to ever-increasing data threats and enhancing security best practices to address vulnerabilities.
The service provider contract is one small way in which organizations can make expectations clear. Join us for an upcoming webinar on October 4th or October 10th to receive template clauses for your service provider contracts that address security safeguards and breach management.
Or for assistance with reducing your vendor data risks, contact PRIVATECH.