BreachExchange mailing list archives
What are you doing to prevent a data breach
From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Thu, 15 Dec 2016 18:42:49 -0700
https://securitiescompliancesentinel.foxrothschild.com/cyber-security/what-are-you-doing-to-prevent-a-data-breach/

A broker-dealer recently agreed to pay a $650,000 fine after an OSJ’s cloud vendor failed to adequately protect customer information. Apparently, an outside hacker was able to gain access to non-public personal information about the firm’s customers.

This breach and resulting fine should certainly serve as a wake-up to all firms, but, in particular, to smaller firms. These firms are those who are more likely to use outside vendors to maintain cost, but are at greater risk.

If anything, this fine only enhances the fact that firms are responsible for the vendors that they hire. A partner of mine taught me long ago that you can always delegate the task, but not the responsibility. The same holds true here.

It is perfectly fine to use a cloud vendor or some other third party for your firm operations, but you must, at the same time, engage in heightened diligence. You must do more to protect yourself.

Although you cannot rid yourself of the responsibility to protect client information, you could assign the risk of loss to the other firm. In other words, the other firm would have to indemnify you for any fines if their system is breached.

At the same time, part of your due diligence when hiring a firm must include asking tough questions. Like, have you ever sustained a breach? And, if so, have you had another one since?

In short, go ahead and outsource, but make sure you know who you are using. Ask the hard questions, and protect yourself with negotiated terms in your contract.