Vendors' access to your data can provide entry for breach
Tuesday, March 25, 2014 2:19:47 PM
This article was originally published in the Honolulu Star-Advertiser on March 25, 2014
Since word broke last month that Target was ultimately breached through a connection it had established with one of its vendors, many businesses are taking a hard look at what kind of access they've granted to their own vendors.
And with good reason. It will be a tough year or two for Target's shareholders, but Target will survive this. The sobering reality is that most small and medium businesses don't survive such events. With the average cost of a data breach spiraling to $188,000, 60 percent of small businesses shutter their doors within six months of a data breach.
So, what steps can small and medium-size businesses take to reduce the risk of a breach coming from an established connection with a vendor or business partner?
- Know thyself. It seems quaint, but the first step in securing anything is to know where your data is and how someone could access it. How do your vendors get into the network? Is there a point-to-point connection, or a VPN?
- Harden remote access. Make sure whatever facility your vendors are using to access your network are appropriately secured. Use strong credentials that change every few months or, better yet, two-factor authentication, such as tokens. Make sure you don't have any remote access methods that are sitting unprotected on the Internet (this happens more often than you might imagine).
- Restrict vendor access to only the things they need, and when they need them. Do they need access to your point-of-sale system? If not, lock them out of it. Do your vendors need 24/7 access to your network? If not, disable their access and enable it only during the times when it is needed.
- Monitor vendor activity. Make sure you are logging your vendor access and, if possible, their activity once they are on your network.
- Monitor all your systems for changes. This is similar to the first tip of knowing thyself. The first thing hackers do when they get into a company's network is make changes to make it easier to come back. They might install some malware onto one of the computers or create a new account for themselves. So it's critical that you log changes to your network elements and computers, and review those logs regularly. If you can catch the hackers early enough, you can minimize the damage they do to your business.
No business can stop every hacker, but by implementing these five tips, you can give your business a fighting chance.