When hackers breached the network of retail giant Target and accessed the records of 70 million customers—including names, addresses, phone numbers, and credit card numbers—investigators discovered that a contractor was to blame. The criminals had stolen network credentials from an HVAC subcontractor that had worked at several Target locations. Thieves used those credentials to open a $162 million data breach. Last year alone, 3.4 billion records were exposed in data breaches. To protect your business computer network from a similar attack, managed IT service providers recommend taking three important steps.
1. Ask the right questions.
Before you give a contractor access to sensitive customer information, ask detailed questions about how the contractor will keep that information secure. If you aren't sure what steps should be taken, consult with a managed IT service provider for security recommendations.
2. Draft a written data security agreement.
When it comes to something as important as your security, don't rely on a verbal agreement. Put your expectations in writing. Create a security contract that both parties can agree to. Spell out your specific requirements for firewalls, data encryption, system logs, and other security measures. Be sure to include a provision requiring the contractor to notify you immediately if sensitive data becomes exposed.
3. Trust, but verify.
There's only one way to be sure that a contractor is honoring your security agreement: check to make sure. Don't just take their word for it. Test to make sure that your security expectations are being met. Remember, if a data breach occurs, and sensitive information is exposed, your business is ultimately responsible.
Don't let hackers break into your business computer network.
Intelligent Technical Solutions is a managed IT service provider focused on protecting your business against hackers, ransomware, and other cyber threats. To begin your free cybersecurity audit, contact ITS today.